Our company regards information as a valuable asset that is critical for the sustainability of our activities, and it is essential to protect that information throughout its life cycle.
In SOCAR Group, information security is defined as protecting information against dangers and threats to ensure business continuity and minimize the damages that may arise from financial losses and security breaches.
Information security provides the following for any corporate and personal data of value:
Confidentiality ensures that information is accessible only by authorized personnel,
Integrity ensures that information remains accurate, with all changes tracked and controlled,
Accessibility ensures that authorized people can use information whenever they need it.
In line with our company's vision and mission, information security is handled as a strategic issue and managed with a risk and process-oriented approach. The aims are as follows:
a. Ensuring business continuity
b. Limiting and managing potential risks
c. Meeting legal obligations, compliance and other requirements
d. Ensuring data security in services offered to internal and external customers
e. Protecting our production facilities against cyber threats
f. Gaining competitive advantage
g. Protecting corporate prestige
h. Increasing information security awareness
Our company's information security is planned, implemented, monitored, and reviewed with a risk management approach in line with international standards and best practices. Information security risks are analyzed, and risk mitigation activities and periodic audits are carried out with independent auditors.
SOCAR Group Senior Management commits to take the necessary security measures to protect the information stored, processed, or transmitted electronically or physically, to provide the required resources and support for continuous improvement within the Information Security Management System framework, and to comply with legal and other requirements.
Our company is obliged to ensure the security of information and information systems under the legal regulations in our country and the regulations in the countries of the group companies. All our employees, especially data and process owners, are responsible for ensuring information security. Therefore, anyone who uses, manages, or accesses company information systems and information assets must fulfil the following responsibilities:
a. Protecting the confidentiality, integrity, and availability of information assets
b. Knowing and applying information security policies, standards, procedures, and instructions
c. Using IT resources in accordance with laws, policies, and business purposes
d. Adopting and enforcing a clean desk and screen policy
e. Ensuring the confidentiality and privacy of personal information
f. Sharing information only with authorized persons
g. Using hard-to-guess passwords and ensuring their privacy
h. Ensuring that information is adequately backed up and that business continuity is maintained
i. Classifying the information they own and taking the necessary precautions
j. Reporting information security breach incidents and potential vulnerabilities