WhatsApp

Information Security Management System

Our Information Security Management System (ISMS) is the set of policies, procedures, instructions, guides, resources and associated activities, which are managed to preserve the confidentiality, integrity and availability of information, in accordance with the technical standard Peruvian (NTP) ISO/IEC 27001:2014 Information Technology. Security Techniques. Information Security Management Systems, applying a risk management process and providing confidence to the interested parties that the risks are properly managed.

Information Security Officer

With Action Sheet GGRL-5457-2020 of 08.07.2020, the Internal Audit and Risk Department Manager (Current Corporate Process and Risk Manager) was appointed as Information Security Officer.

Information Security Committee

With Action Sheet GGRL-0235-2021 of 01.27.2021, the composition of the members of the Information Security Committee was updated:

President (*)

The head of the Entity or their representative.

Innovation, Development and New Business Manager (Current Corporate Administration Manager).

Member (*)

The person in charge of administration or whoever acts on their behalf.

People Management Manager (Current Corporate Human Resources Manager).

Member (*)

The person in charge of planning or whoever acts on their behalf.

Planning and Management Manager (Current Corporate Planning and Management Manager).

Member (*)

The person in charge of the legal area or whoever acts on their behalf.

Legal Manager (Current Corporate Legal Manager).

Member (*)

The person in charge of the computer area or whoever acts on their behalf.

Information Technology Department Manager.

Member (*)

The Information Security Officer.

Internal Audit and Risk Department Manager (Current Corporate Process and Risk Manager).

(*) Appointed to the position.

 

Regulatory Basis

At PETROPERÚ we are developing our ISMS, as established in the following regulatory documents:

  • Ministerial Resolution 004-2016-PCM, of 1/13/16, with which the Presidency of the Council of Ministers approved the mandatory use of the NTP-ISO/IEC 27001:2014, Information Technology. Information Security Management Systems. Requirements. Second edition, in all the entities that make up the National Information System.
  • Ministerial Resolution 166-2017-PCM, published on 6/20/17, with which the Presidency of the Council of Ministers approved the modification of article 5 of RM 004-2016-PCM, referring to the Information Security Management Committee.
  • Law 27806 (Law on Transparency and Access to Public Information and its amendments).
  • Law 29733 (Personal Data Protection Law, its regulations and its amendments).
  • Supreme Decree 106-2017-PCM approved the Regulation for Identification, Evaluation and Risk Management of National Critical Assets (ACN).
  • Directorial resolutions 131-2017-DINI-01 and 030-2018-DINI-01, which validate as national critical assets both the North Peruvian Pipeline and the Talara Refinery and its Sales Plant, which corresponds to the facilities that make up the National Inventory of National Critical Assets, which constitute resources, infrastructure and essential and essential systems to maintain national capacities.
  • Directorial resolutions 080-2019-DINI-01 and 120-2019-DINI-01, which validate as national critical assets both the Liquid Hydrocarbons Supply Terminal in Mollendo and the Conchán Refinery, which corresponds to the facilities that make up the National Inventory of the National Critical Assets, which constitute essential and essential resources, infrastructure and systems to maintain national capacities.
  • Directorial Resolution 130-2020-DINI-01, which validates the Iquitos Refinery and Sales Plant as a national critical asset, which corresponds to the facilities that make up the National Inventory of National Critical Assets, which constitute resources, infrastructure and essential systems and essential to maintain national capacities.
  • Corporate Information Security Policy of PETROPERÚ, approved with Board Agreement 100-2017-PP.
  • Corporate Policy for the Protection of Personal Data of PETROPERÚ, approved with Board Agreement 94-2017-PP.
  • Information Security Regulations (version 3), approved on 8/13/21, by General Management.
  • Code of Good Corporate Governance of PETROPERÚ, approved by Board Agreement 047-2018-PP of 5/28/18, modified by Board Agreement 110-2020-PP of 11/5/20.
Documents
Corporate Information Security Policy
Corporate Policy on Personal Data Protection