OCI Security & Access Control, Part I
Introduction
Joint Operating Committees are the key Organizational Construct of a dynamic, innovative, accountable and profitable oil & gas company. It is the interactions of many producers, service providers and suppliers who are involved in the day to day commercial and strategic concerns of that Joint Operating Committee that we need to concern ourselves with. The Security & Access Control module's focus is to ensure the right people have the right access to the right information with the right authority. This is at the right time at the right place and through the right device.
Throughout the Preliminary Specification we discuss two of the most pressing operational issues in the oil & gas industry. Those being the demand for earth science & engineering effort is increasing with each barrel produced. This is best represented by the steep escalation of oil & gas exploration and production costs. At the same time, critical earth science & engineering resources are fixed and difficult to expand. And with the anticipated retirement of this brain trust in the next twenty years, the problem becomes critical. The second issue regards the manner in which the administrative and accounting resources are organized within the industry. With the Preliminary Specification the need for each producer to develop their own administrative and accounting capabilities internally is replaced by an overall industry capability. Then each producer can access those resources on a variable cost basis with direct charges to the Joint Operating Committee. This provides operational flexibility in how a producer approaches its strategic and tactical needs.
There are few short-term solutions to the shortfall in geologists and engineers over the next twenty years. It takes the better part of that time to train them to operate in the industry. What we do know are several "things" being applied in the People, Ideas & Objects Preliminary Specification. Many of these concepts are based on what we call Industrial Command and Control. Which is a method developed in the Security & Access Control module of imposing command and control over any and all Joint Operating Committees, working groups, producer firms, service providers or organizations the producer may need to add structure to. The concepts are the further specialization and division of labor, and a reduction in the redundant building of capabilities within each oil & gas producer, or as we describe it, a pooling of resources in the Joint Operating Committee.
The first concept of specialization and division of labor is well known as a principle of economics that brings about greater economic productivity from the same volume of resources. Given that the volume of earth science & engineering resources is known for the foreseeable future. Specialization and the division of labor will provide us with a tangible means to deal with oil & gas industry productivity. In today’s marketplace, approaching a heightened level of specialization and division of labor without software to define and support it would be foolish.
The pooling concept is the solution to the current desire that each producer firm acquires the earth science & engineering capabilities necessary to deal with all the needs of their “operated” properties. This creates unneeded “just-in-time” capabilities for scarce scientific resources. When each producer within the industry pursues this same strategy substantial redundancies are built into the industry's capabilities. Redundancies that are left unused and unusable. What is proposed through the People, Ideas & Objects software application modules is that the producer's operational strategy avoids the “operator” concept. Instead, it pools their specialized technical resources through the Joint Operating Committee partnership. That way the redundancies that would have been present in the industry can be made available to the producers and used by the producers through hyper-specialization and division of labor.
These same principles are present in the second issue noted above. The administrative and accounting capabilities acquired through industry-wide capabilities provide the producer with the flexibility to address operational concerns. Issues such as today’s low natural gas prices can be addressed through this revised structure. By having administrative and accounting service providers charge their service fees directly to the Joint Operating Committee. The producer gains the ability to shut-in unprofitable production with only positive effects on their financial performance. Administrative, accounting, and production costs are eliminated during shut-in production. Providing the most profitable means of oil & gas operations when unprofitable properties no longer dilute profitable properties. Producers can save their reserves for the time when they can be produced profitably. Reserves costs don't have to carry additional losses if unprofitable production continues. Reserves can be seen as a low-cost solution to production and storage. Commodity prices will have less volatility due to producers removing marginal production from the marketplace.
Being able to provide service providers with access to and security during these day-to-day operations will be a unique situation for the oil & gas producer. Service providers will aggregate data industry wide. And there will be many service providers involved in providing administrative and accounting services to the producer firm and Joint Operating Committees. Consideration of the proprietary nature of the information and security will be priorities for the Preliminary Specification.
A quick note on mobility. People are provided with new devices that enable them to work anywhere. These phones and tablets, in addition to laptop computers, open up security and access control concerns for the innovative and profitable oil & gas producer. Some producers enable their staff with policies that allow them to bring their own devices to work. The fact is these devices provide enhanced productivity and are appropriate for an innovative and profitable oil & gas producer. People, Ideas & Objects Preliminary Specification includes an understanding that these devices will be part of the day to day used in the oil & gas industry.
What these concepts require is what the Security & Access Control module is designed to provide. The system must provide access to the right person at the right time and at the right place with the right authority to the right information. With the Industrial Command & Control there will be a manner in which the technical, and all the resources, that have been pooled from the producers, interact with an appropriate governance and chain of command.
Two Types of Data
When we talk about the various people within the producer firms affiliated with a Joint Operating Committee. And the number of Joint Operating Committees that a firm may have an interest in. And the number of people a firm employs. Access control becomes challenging. It becomes a challenge when we consider that people certainly should have the access required, but the level of trust they may have with respect to other partner organizations is probably not as strong. That is to say, does using the Joint Operating Committee as the key Organizational Construct of a dynamic, innovative, accountable and profitable oil & gas producer, open the producer firm to data loss? This is how People, Ideas & Objects deal with the access and trust issue in the Security & Access Control module.
When we concern ourselves with the data and information of the producer firm. We also concern ourselves with the information cleared by the various Joint Operating Committees that the oil & gas producer has an interest in. We can all agree that this information is proprietary and subject to each producer firm's internal policies. (Information such as reserves data, accounting information, internal reports and correspondence, strategy documents.) What we're concerned about is the information and data held in the Accounting Voucher module and the associated data common to the joint account. (well file, agreements, production data, capital and operating costs, revenue and royalties.)
Close analysis of these two types of data and information held within the firm and the Joint Operating Committee falls within the proprietary and partnership domains. In Canada at least, most data and information regarding well operations can be freely obtained through various regulatory agencies. Nonetheless, the majority of the data is shared through the partnership who have an interest in the data and information. Which is not the case with the producer firm's data. Most of the information is kept close at hand and reported through filtered reserve report summaries and annual reports. Therefore keeping a handle on proprietary data, while operating the Joint Operating Committee as the key Organizational Construct of the innovative oil & gas producer, as proposed by People, Ideas & Objects, does not present any data leakage.
Access control can therefore be limited by restricting any company personnel from viewing other companies' files. Which is a given. While in People, Ideas & Objects access control is restricted to the firm's Joint Operating Committees and the firm's files only. To extend this further, we would limit access to the appropriate roles within the firm. Then it is up to our user community to define a standard set of generic roles in which access is required to certain data types. This would apply to the types of operations handled by that role, for example, read, insert, update, delete. These generic roles could then be assigned to each individual within the organization based on their needs. Assigning multiple roles for more complex access. Access to proprietary data would be restricted to company personnel only.
More on the ICC
Throughout the Preliminary Specification we've discussed our solution to one of the premier issues the oil & gas industry faces. That is the demand for earth science & engineering effort per barrel of oil increases with each barrel produced. This is best represented by the steep escalation of oil & gas exploration and production costs over time. At the same time, critical earth science & engineering resources are fixed and difficult to expand in the short or medium term. Add to that the anticipated retirement over the next twenty years of the current brain trust of the industry and the problem becomes a critical concern.
There are few short-term solutions to the status quo volume of geologists and engineers. It takes the better part of that time to train them to operate in the industry. Our resolution in the People, Ideas & Objects software applications modules involves what we’ve developed and called “Industrial Command & Control” (ICC) and the application of specialization and division of labor. Specialization and the division of labor are well known principles of economics that bring about greater economic productivity from the same volume of resources. Given that the volume of earth science & engineering resources is known for the foreseeable future, specialization and the division of labor will provide us with a tangible means to potentially increase the capability, capacity and productivity of the oil & gas industry, yielding multiples of today’s performance over the long term. With software defining and supporting organizations, today’s producers must approach a heightened level of specialization and division of labor through software in broadly dispersed North American markets.
People, Ideas & Objects ICC involves the implementation of specialization and the division of labor in the fields of geology and engineering. It is currently necessary for each producer firm to acquire all the earth science & engineering capabilities necessary to deal with the needs of the properties they "operate". Which allows the full scope of these sciences to be deployed "just-in-time". When each producer within the industry pursues this same strategy, organizational inefficiencies in these critical resources are introduced. This is due to the method of organization built into the industry's overall capacity and capabilities. Leaving resource utilization rates lower due to the volume of unused and unusable resources locked in each producer firm.
What is proposed through the People, Ideas & Objects software application modules ICC is that the producer's operational strategy avoids the “operator” concept. Instead, it pools these technical resources through each of their partnerships represented in their Joint Operating Committees. That way the inefficiencies that would have been present in the industry can be made available and used through industry wide, producer focused, advanced and advancing specialization and division of labor. Where many of the lower end processes are offloaded to service providers who specialize in that basic skill on behalf of many producers. This is done in a geographical area or other specialization. And each individual producer focuses on a specialized element of science as it develops and innovates upon that. People, Ideas & Objects believe producers will soon be unable to commercially support the full scale of engineering & earth science disciplines tasks and responsibilities as they have in house. This will be due to the shortages of resources, the cost escalation of these resources in the market due to their shortages, the expansion of demand from higher production volumes to achieve energy independence, the demands for more science in each incremental barrel of oil produced, the anticipated, substantial expansion of the sciences and the need to innovate upon that expanding science. For producers to maintain a broadened division of labor to deal with these issues and “operatorship” capabilities, it will extend them beyond any producer's commercial capacity.
What these concepts demand is what the Security & Access Control module is designed to provide through the ICC. The People, Ideas & Objects system must provide access to the right person at the right time and at the right place. This is with the right authority and the right information. With the ICC there will be a manner in which the technical and all the resources pooled from the producers, interact with the appropriate governance, compliance and industry standard chain of command.
Before the hierarchy which was a commercial development of the 20th century, there was only the military structure in terms of large organizations. The main difference between the two is subtle but significant. Military structures are broader and flatter than hierarchy. That is one of the ideals we are seeking, but the more significant feature is the ability for the chain of command to span multiple internal and external organizational structures and to move resources from different areas of the military through standardization.
The nature of people working through the industry-standard chain of command layered over the Joint Operating Committee will include all oil & gas disciplines. The contributions of staff, financial and technical resources will include all those employed by the industry today. I could foresee many office buildings being refurbished to accommodate the staff of a single Joint Operating Committee of a large property. There, staff from the different producers may be seconded to provide support for the Joint Operating Committee. They may work for a single Joint Operating Committee, not for any particular producer firm.
As background we should recall that each individual would have different access levels and authorizations in terms of access to People, Ideas & Objects ERP systems. Assuming different roles and responsibilities, they would impose different access levels to data, information, processes and functionality. People, Ideas & Objects application modules rely on the Security & Access Control module to implement Industrial Command & Control. This structure, particularly in a Joint Operating Committee, would weave multiple producer firms under one industry standard chain of command. The interface ensures that all processes are monitored for compliance, governance, and overall completeness.
Access, Roles and Responsibilities
This topic discusses the way authorizations, roles and responsibilities are handled in the Security & Access Control module of the Preliminary Specification. We should discuss the topic of delegating authority and responsibility during absences, which can come up from time to time.
As background we should recall that each individual would have different access levels and authorizations in terms of access to the People, Ideas & Objects systems. Assuming various roles and responsibilities, they would impose different access levels to data, information, processes and functionality. In addition, Security & Access Control is the key module for implementing Industrial Command & Control across People, Ideas & Objects. This structure, particularly in a Joint Operating Committee, would weave multiple producer firms under one chain of command. To ensure compliance, governance, and overall process completeness, it will need to provide an interface to ensure all processes are monitored.
Throughout the Preliminary Specification there is the perception of a heightened role for technology in terms of enabling authorization to conduct operations. Thus, the ability to do things and get things done depends on collaborating with partners and authorizing actions through processes managed by the systems. This participation dictates that the designation of the roles in the Security & Access Control module “means” more than just data access; it imposes authority and responsibility to undertake actions on behalf of Joint Operating Committees and / or producer firms.
It is necessary to assign this authority within the Security & Access Control module during any absence. If someone with authority and responsibility was away for whatever reason, they should be able to assign their authority to another person. This will enable them to fill that role while away. This will ensure that the process isn’t held up during their absence. Delegations of authority have been used for years in large firms and with a system that imposes authorizations and responsibilities on specific roles, the ability to temporarily move them down, across or up the chain of command is a necessity to keep the organization functioning.
Lastly we should talk about the interface that helps to identify missing elements in a process. It would simply show the command structure of the people assigned to a Joint Operating Committee or a process. It would also show their related role, authorizations and responsibilities. If someone was away, it would indicate who took over their role. It would help to identify how they could impose a chain of command to fill any vacancies. This would be particularly helpful if the role or process needed to be documented for compliance purposes.