XML 146 R35.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] Risk Management and Strategy
We recognize the importance of developing, implementing and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity and availability of our data. Civeo leverages controls modeled in the Center for Internet Security (CIS) and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) to evaluate our cybersecurity capabilities and to inform the implementation and configuration of certain systems, processes, and technologies. Our processes for assessing, identifying, and managing material risks from cybersecurity threats have been integrated into our overall risk management system and processes. Cybersecurity events are collected, evaluated and, when appropriate, escalated to the Chief Information Security Officer (CISO) for impact analysis utilizing our cybersecurity risk management policy.

Our cybersecurity policies and procedures encompass data privacy, incident response, information security and risks from our use of third-party vendors. In order to help develop these policies and procedures, we monitor applicable privacy and cybersecurity laws, regulations and guidance in the regions where we do business, as well as proposed privacy and cybersecurity laws, regulations, guidance and emerging risks.

Cybersecurity risks are monitored and evaluated by management through an internal compliance program with oversight by internal audit. We engage various third-party cybersecurity partners, such as auditors, assessors and consultants to perform penetration testing and audits on our cybersecurity profile. With the assistance of a third-party cybersecurity consultant, we also conducted three cyber breach simulation exercises in the last five quarters, focused on incident management and communication processes. These third-party partnerships enable us to leverage specialized knowledge and insights, and are meant to ensure our cybersecurity strategies and processes remain appropriately tailored to the company’s risk profile. In order to promote a company-wide culture of cybersecurity risk management, management has also implemented programs to both test and train our employees on cybersecurity fundamentals, including both annual and ongoing information security awareness training.
Risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected us, including our business strategy, results of operations, or financial condition, but we face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to have such an affect.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our processes for assessing, identifying, and managing material risks from cybersecurity threats have been integrated into our overall risk management system and processes. Cybersecurity events are collected, evaluated and, when appropriate, escalated to the Chief Information Security Officer (CISO) for impact analysis utilizing our cybersecurity risk management policy.Our cybersecurity policies and procedures encompass data privacy, incident response, information security and risks from our use of third-party vendors. In order to help develop these policies and procedures, we monitor applicable privacy and cybersecurity laws, regulations and guidance in the regions where we do business, as well as proposed privacy and cybersecurity laws, regulations, guidance and emerging risks.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
While the Board maintains responsibility for risk oversight it has delegated responsibility for evaluating technology and cybersecurity risks to the Audit Committee. The Board reviews the Company's cybersecurity risk posture, strategy and execution on at least an annual basis while the Audit Committee receives cybersecurity updates quarterly.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
While the Board maintains responsibility for risk oversight it has delegated responsibility for evaluating technology and cybersecurity risks to the Audit Committee. The Board reviews the Company's cybersecurity risk posture, strategy and execution on at least an annual basis while the Audit Committee receives cybersecurity updates quarterly.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The CISO and executive management play a pivotal role in informing the Audit Committee on cybersecurity risks. Executive management, including the CISO, meets regularly with the Audit Committee to discuss cybersecurity risks, review
quarterly cyber metrics and oversee progress against our annual action plans. These briefings may encompass a broad range of topics, including:

Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.

In addition to our scheduled meetings, the Audit Committee and executive management maintain an ongoing dialogue regarding emerging or potential cybersecurity risks, and the CISO regularly updates executive management on cybersecurity risks and incidents.
Cybersecurity Risk Role of Management [Text Block]
The CISO and executive management play a pivotal role in informing the Audit Committee on cybersecurity risks. Executive management, including the CISO, meets regularly with the Audit Committee to discuss cybersecurity risks, review
quarterly cyber metrics and oversee progress against our annual action plans. These briefings may encompass a broad range of topics, including:

Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.

In addition to our scheduled meetings, the Audit Committee and executive management maintain an ongoing dialogue regarding emerging or potential cybersecurity risks, and the CISO regularly updates executive management on cybersecurity risks and incidents.

Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with the CISO who has over 18 years of experience in the field of cybersecurity, including at Civeo and previously for a Fortune 500 company. The CISO implements and oversees processes for the monitoring of our information systems, which includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. The CISO also oversees our cybersecurity governance programs, assists with testing our compliance with applicable standards, leads our efforts to remediate known risks and leads our employee training program.

The Company deploys a Security Operations Center team who monitor and escalate cybersecurity events to the CISO. In the event of a cybersecurity incident, the Company maintains an incident response plan, which is intended to facilitate response, escalation, and mitigate the impact of the incident and includes long-term strategies for remediation and prevention of future incidents. Significant cybersecurity matters and certain strategic risk management decisions are escalated to the Audit Committee and the Board.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The CISO and executive management play a pivotal role in informing the Audit Committee on cybersecurity risks. Executive management, including the CISO, meets regularly with the Audit Committee to discuss cybersecurity risks, review
quarterly cyber metrics and oversee progress against our annual action plans. These briefings may encompass a broad range of topics, including:

Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.

In addition to our scheduled meetings, the Audit Committee and executive management maintain an ongoing dialogue regarding emerging or potential cybersecurity risks, and the CISO regularly updates executive management on cybersecurity risks and incidents.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with the CISO who has over 18 years of experience in the field of cybersecurity, including at Civeo and previously for a Fortune 500 company. The CISO implements and oversees processes for the monitoring of our information systems, which includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. The CISO also oversees our cybersecurity governance programs, assists with testing our compliance with applicable standards, leads our efforts to remediate known risks and leads our employee training program.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The CISO and executive management play a pivotal role in informing the Audit Committee on cybersecurity risks. Executive management, including the CISO, meets regularly with the Audit Committee to discuss cybersecurity risks, review
quarterly cyber metrics and oversee progress against our annual action plans. These briefings may encompass a broad range of topics, including:

Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.

In addition to our scheduled meetings, the Audit Committee and executive management maintain an ongoing dialogue regarding emerging or potential cybersecurity risks, and the CISO regularly updates executive management on cybersecurity risks and incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true