Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
---|---|
Dec. 31, 2024 | |
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
As part of our broader approach to risk management, our cybersecurity program is designed to follow an “identify, protect, detect, respond and recover” approach to cybersecurity that is based off of the National Institute of Standards and Technology Cybersecurity Framework (“CSF”). Our strategy also includes segmentation of corporate and operations networks, defense in depth and the least privileged access principle. Operational networks have fundamentally distinct safety and reliability standards and pose unique threats in comparison to information technology networks. Realizing these differences, we routinely evaluate opportunities to refine our cybersecurity program in order to mitigate operational network risks. We include business continuity planning as a component of our strategy to help ensure critical systems are available to support the Partnership in the instance of a disruptive event. We also participate in various industry organizations to stay abreast of recent trends and developments.
On an ongoing basis, we and Cheniere assess our people, processes and technology and, when necessary, adjust the overall program in an effort to adapt to the ever-evolving cyber and geopolitical landscapes. We conduct regular assessments and audits, cross-functional risk mitigation exercises and risk strategy sessions to identify cybersecurity risks, applicable regulatory requirements and industry standards. These engagements are also designed to exercise, assess the maturity of and enhance our Cyber Incident Response Plan. To support these efforts, Cheniere has contracted with third parties to perform facility and system penetration tests, compromise assessments of information technology systems and security maturity assessments of our corporate and operational networks. Cheniere maintains a training program to help its personnel identify and assist in mitigating cybersecurity and data security risks. Cheniere’s employees and the board of directors of our general partner participate in annual training, user awareness campaigns and additional issue-specific training as needed. Cheniere also provides annual training for certain contractors who have access to its information technology networks. With respect to third party service providers, Cheniere’s information security program includes conducting risk-based due diligence of certain service providers’ information security programs prior to onboarding. Cheniere seeks to contractually require third party service providers with access to our information technology systems, sensitive business data or personal information to maintain reasonable security controls and restrict their ability to use Cheniere’s data, including personal information, for purposes other than to provide services to us, except as required by applicable law. Cheniere also seeks to negotiate contractual requirements which compel our service providers to notify us of information security incidents occurring on their systems which may affect Cheniere’s systems or data, including personal information.
|
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Processes Integrated [Text Block] | Risks that could affect us are an integral part of the board of directors of our general partner and Audit Committee deliberations throughout the year. |
Cybersecurity Risk Management Third Party Engaged [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Board of Directors Oversight [Text Block] |
We rely on Cheniere’s cybersecurity leadership team, which consists of its Director and Chief Information Security Officer, Vice President and Chief Information Officer and Senior Vice President of Shared Services. These individuals collectively provide the strategic oversight of our cybersecurity governance, cyber risk management and security operations and are responsible for maintaining our technology defense posture and program. As part of their governance and risk management responsibilities, these individuals oversee the efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents, including the systems deployed in our technology infrastructure to monitor for threats, perform security control testing and assessments, and incorporate threat intelligence into our day-to-day cybersecurity operations and strategic initiatives. They have decades of experience managing strategic technology operations, including the identification of cybersecurity risk and the defense of information technology assets from global threats.
Risks that could affect us are an integral part of the board of directors of our general partner and Audit Committee deliberations throughout the year. The board of directors of our general partner has oversight responsibility for assessing the primary risks facing us (including cybersecurity risks), the relative magnitude of these risks and management’s plan for mitigating these risks, while the Audit Committee has been delegated the authority to oversee and periodically review the security of Cheniere’s information technology systems and controls, including programs and defenses against cybersecurity threats. The Audit Committee discusses with management our cybersecurity risk exposures and the steps management has taken to mitigate such exposures, including our risk assessment and risk management policies. On a quarterly basis, Cheniere’s cybersecurity leadership team updates the Audit Committee on the overall status of our cybersecurity program, key operational metrics, current assessments, cybersecurity issues or events and pertinent events related to cybersecurity.
|
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The board of directors of our general partner has oversight responsibility for assessing the primary risks facing us (including cybersecurity risks), the relative magnitude of these risks and management’s plan for mitigating these risks, while the Audit Committee has been delegated the authority to oversee and periodically review the security of Cheniere’s information technology systems and controls, including programs and defenses against cybersecurity threats. The Audit Committee discusses with management our cybersecurity risk exposures and the steps management has taken to mitigate such exposures, including our risk assessment and risk management policies. |
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | On a quarterly basis, Cheniere’s cybersecurity leadership team updates the Audit Committee on the overall status of our cybersecurity program, key operational metrics, current assessments, cybersecurity issues or events and pertinent events related to cybersecurity. |
Cybersecurity Risk Role of Management [Text Block] | These individuals collectively provide the strategic oversight of our cybersecurity governance, cyber risk management and security operations and are responsible for maintaining our technology defense posture and program. As part of their governance and risk management responsibilities, these individuals oversee the efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents, including the systems deployed in our technology infrastructure to monitor for threats, perform security control testing and assessments, and incorporate threat intelligence into our day-to-day cybersecurity operations and strategic initiatives. |
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | We rely on Cheniere’s cybersecurity leadership team, which consists of its Director and Chief Information Security Officer, Vice President and Chief Information Officer and Senior Vice President of Shared Services. |
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | They have decades of experience managing strategic technology operations, including the identification of cybersecurity risk and the defense of information technology assets from global threats. |
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | We conduct regular assessments and audits, cross-functional risk mitigation exercises and risk strategy sessions to identify cybersecurity risks, applicable regulatory requirements and industry standards. These engagements are also designed to exercise, assess the maturity of and enhance our Cyber Incident Response Plan. |
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |