Our company regards information as a valuable asset, and it is essential to protect the information, which is critical for the sustainability of our activities throughout its life cycle.

In SOCAR Türkiye, information security is defined as protecting information against dangers and threats to ensure business continuity and minimize the damages that may arise from financial losses and security breaches.

Information security provides the following for any corporate and personal data of value:

• Confidentiality to be known and accessed only by authorized personnel
• Integrity to ensure that the information is correct and complete and that the changes made are kept under control.
• Accessibility, so empowered people can use information whenever they need it.

 

In line with our company's vision and mission, information security is handled as a strategic issue and managed with a risk and process-oriented approach. The aims are as follows

1. Ensuring business continuity
2. Limiting and managing potential risks
3. Meeting legal obligations, compliance requirements, and other requirements
4. Ensuring data security in services offered to internal and external customers
5. Protecting our production facilities against cyber threats
6. Gaining competitive advantage
7. Protection of corporate prestige
8. Increasing information security awareness

Our company's information security is planned, implemented, monitored, and reviewed with a risk management approach in line with international standards and best practices. Information security risks are analyzed, and risk mitigation activities and periodic audits are carried out with independent auditors.

SOCAR Türkiye Senior Management commits to take the necessary security measures to protect the information stored, processed, or transmitted electronically or physically, to provide the required resources and support for continuous improvement within the Information Security Management System framework, and to comply with legal and other requirements.

Our company is obliged to ensure the security of information and information systems by the legal regulations in our country and especially the EMRA and KVKK regulations. All our employees, especially data and process owners, are responsible for ensuring information security. Therefore, anyone who uses, manages, and accesses company information systems and information assets must comply with the following responsibilities:

1. Protecting the confidentiality, integrity, and availability of information assets
2. Knowing and applying information security policies, standards, procedures, and instructions
3. Using IT resources under laws, policies, and business purposes
4. Adopting and enforcing a clean desk and screen policy
5. Ensuring the confidentiality and privacy of personal information
6. Sharing information only with authorized persons
7. Using hard-to-guess passwords and ensuring their privacy
8. Ensuring that information is adequately backed up and business continuity
9. Classifying information for owned data and taking necessary precautions
10. Reporting information security breach incidents and potential vulnerabilities

We believe in the power of working in a transparent, accountable, fair, and responsible manner. We minimize the effects of risks that may affect our stakeholders.

With the Risk Management Policy established in line with our vision, mission, and values, we aim to gain the trust of our stakeholders and contribute to continuous improvement and sustainable development while prioritizing the protection of company assets and values. We act by legal requirements to eliminate risks.

Our commitments are as follows:

• To identify risks that may endanger the existence, development, and continuation of the company
• To take the necessary precautions regarding the identified risks and to manage the risk
• Identifying opportunities that can increase the profitability of the company and the effectiveness of its operations
• To carry out the necessary work on these opportunities
• Prepare reports periodically
• Measuring performance by tracking indicators
• Designing, selecting, and putting into practice risk measurement models, reviewing them regularly, performing scenario analyses, and making necessary changes.
• Ensuring adherence to ethical principles
• Providing the necessary infrastructure and resources
• To define the responsibilities related to risk management and to carry out activities to increase stakeholders' awareness.

Our priority is the reliability and sustainability of the analyses performed with modern devices that meet global standards by following the most advanced technological developments.

With the Laboratory Management System that we created in line with our vision, mission, principles, and values at PETKİM, we primarily aim to gain the trust of our stakeholders and contribute to sustainable development. We operate in compliance with legal requirements.

Our commitments are:

• To carry out the experiments requested by PETKİM Petrokimya Holding A.Ş factories and units, and when possible, by other organizations. To prioritize understanding quality service with good professional and technical practices in our work.
• To base our experiments on objectivity, independence, honesty, confidentiality, and reliability. To provide services with national and international standards and/or defined analysis methods under the customer's conditions and closely monitor technological developments.
• To fulfill the legal requirements related to laboratory activities.
• Presenting the Laboratory Management System to the laboratory staff, ensuring that they are understood clearly, and keeping communication channels open for this purpose.
• To ensure that our service is fast, error-free, and precise.
• To perform all our services with qualified personnel who have learned the documentation within this scope and can apply the policies and procedures in their work.
• To fulfill the requirements of ISO 9001, ISO 14001, TS 18001, ISO 50001, TS ISO 10002, ISO 27001, and TS ISO 31000 standards within the scope of TS EN ISO / IEC 17025 and Integrated Management System. To continuously improve the management effectiveness, to provide the necessary personnel and resources for this process.
• To fulfill the requirements of the Turkish Accreditation Agency (TÜRKAK) and to expand the scope of accreditation over time.
• To ensure that the quality objectives are presented to all employees and are clearly understood by the employees.
• To review that the system continues under appropriate conditions to guarantee its continuity.