Digital Field Worker. Photo: Ole Jørgen Bratland.

Supplier
Information

We value and emphasize our commitment to working with high-performing suppliers who adhere to our health, safety, ethics, and corporate responsibility standards. We believe strong partnerships are key to maintaining our competitive edge.

  • Supply Chain in Equinor

    On our homepage, 

     

    discover how partnering with us as a supplier can enhance your business and our operations. We prioritize relationships with top-performing suppliers who share our commitment to health, safety, and ethical standards. By registering with us, you contribute to socio-economic growth and gain opportunities for continuous improvement in security, technology, and innovation. Expect transparency, fairness, and predictability in all our dealings as we strive for a sustainable supply chain.

     

    Learn more about becoming a supplier

  • Code of Conduct

    Equinor’s No Gift, Hospitality and Expense Policies
     

    Dear Valued Supplier,

    We would like to take this time to thank you for your collaboration and valuable contributions. This excellent and important cooperation is crucial for us and the industry, and will continue to be an essential factor in realizing our ambition of achieving net zero in 2050.


    GIFTS, HOSPITALITY AND EXPENSES

    As the holiday season is fast approaching, we would like to reiterate the importance of understanding and adhering to Equinor’s Policy on gifts, hospitality and expenses outlined in Equinor’s Code of Conduct.


    As a supplier to Equinor, no offer of gifts, directly or indirectly, to Equinor’s employees, company representatives and/or any procurement responsible should be made. Hospitality such as social events, meals or entertainment should be avoided, unless a strong and clear business reason exists, and the costs are reasonable. Travel, accommodation, and other expenses for the individual representing Equinor will always be paid by Equinor.


    We look forward to collaborating with you also in the future.


    To get there. Together.


    With best regards,

    Mette Halvorsen Ottøy
    PDP Procurement and Supplier Relations
    SVP Supply Chain – Chief Procurement Officer

  • Cyber Security Baseline

    Cyber Security Baseline Expectations to Suppliers 

     

    1 Introduction 

    Equinor’s Cyber Security Baseline Expectations for Suppliers sets minimum standards for all Information Technology (IT) and Operational Technology (OT) suppliers, as well as other suppliers that access, transfer, process or store Equinor’s sensitive information. By meeting these expectations, suppliers strengthen the resilience of Equinor’s operations, build trust, and safeguard mutual interests, which are essential to the business relationship. 

     

    2 Expectations 

    2.1 Cyber Security Management 

    Suppliers have a cyber security programme that is proportionate to the nature and scale of the services or products delivered to Equinor. The effectiveness of the programme is regularly evaluated to promote continuous improvement. Practices are aligned with recognised industry standards (e.g. ISO 27001 or NIST CSF) and are compliant with applicable legal and contractual requirements. 

     

    2.2 Risk Management 

    Suppliers have an established risk management process to ensure that cyber security risks relevant to the delivery of the contract are assessed. Identified risks are regularly monitored and mitigated. 

     

    2.3 Information Protection 

    Where suppliers handle Equinor’s information, they have implemented measures to prevent leaks, misuse or loss of information, both in transit and at rest. Information is not used outside the agreed purpose, scope or environment without Equinor’s consent. At contract termination, information is either made available to Equinor or securely deleted, as agreed upon. 

     

    2.4 Supply Chain Security 

    Suppliers have a process to ensure that sub-suppliers significant to the delivery of the contract meet equivalent cyber security expectations. The primary supplier remains responsible for cyber security throughout the entire contractual relationship. Cyber security requirements are embedded in contractual agreements with sub-suppliers and are monitored. 

     

    2.5 Incident Management 

    Suppliers have procedures to detect and respond to cyber security incidents. Equinor is notified without undue delay, and no later than 72 hours after the supplier becomes aware of a data breach or other security incident that may affect the delivery of the contract. Notification is made through agreed channels or by calling Equinor’s service desk on +47 51 99 92 22 and must include the name of Equinor’s representative for the contract. Response and recovery are carried out to limit impact and avoid unnecessary harm to Equinor’s interests. Security incidents are documented, reviewed and reported. Equinor’s involvement is not disclosed publicly or to external parties without consent. 

     

    2.6 Business Continuity Management 

    Suppliers have business continuity and disaster recovery plans to ensure continued operation and the delivery of the contract in the event of disruptions. The plans are tested and maintained to reflect operational changes or lessons learned from incidents and exercises. 

     

    3 Assurance 

    Equinor may conduct assurance activities to verify compliance with the requirements of the contract and this baseline (e.g. audits or document reviews), where permitted by the contract. Suppliers are expected to demonstrate transparency in this matter, and to consider and act upon remediation requests resulting from assurance activities. Recognised cyber security certifications or audits (such as ISO 27001 or SOC 2 Type II), simplify the assessment process for suppliers and result in stronger assurance 

  • Important Purchase Orders (POs)

    Supplier Information regarding the follow-up of important Purchase Orders (POs) for Equinor

    We value our relationships with suppliers and appreciate your support in achieving our shared goals. On-time deliveries are crucial for a dependable and sustainable supply chain that meets our stakeholders' and customers' expectations.

     

    Equinor’s expediting team closely monitors and follows up on POs with items critical to our operations. If you receive a communication from us, it will include a detailed list of POs requiring follow-up, provided in an HTML table via email.

     

    We kindly request that you review these orders and provide feedback on the expected delivery timelines. If adjustments or corrective actions are needed, we request that suppliers promptly notify Equinor of any updates or changes related to POs.

     

    Your cooperation in maintaining clear communication and providing accurate updates strengthens our partnership and supports the success of our shared operations.