Page Menu

About Us

Information Security Policy

Information is acknowledged as valuable asset by our company and the protection of information properly, that is critical in order to maintain continuity of our activities, is crucial during lifetime of information.

Information security at SOCAR Turkey; is defined as protecting information against risks and threats in order to maintain business continuity and minimize financial loss based on security breaches. By information security, to prevent loss, damage, theft or compromise of all kinds of valuable and personal data;

  • Confidentiality with known and accessible by authorized persons only,
  • Integrity of information by controlling changes on the accuracy and reliability of information,
  • Availability for authorized persons whenever needed to use,


İs provided and protected.

Information security is ensured to be managed by risk and process focused approach, treated as a strategic issue towards the company vision and mission, to achieve the following acquisitions;

  • Maintaining business continuity
  • Classifying and managing potential risks
  • Ensuring conformity with regulations, compliance requirements and other requirements
  • Ensuring data security for the services provided to internal and external customers
  • Protecting production units against cyber threats
  • Achieving competitive advantage
  • Protecting corporate reputation
  • Improving information security awareness

Information security is planned, implemented, monitored, reviewed and developed by risk management approach towards international standards and best practices. Information security risks are assessed, risk treatment activities are implemented and reviewed periodically with external audits conducted by independent auditors.

SOCAR Turkey Board of Directors commits; to implement necessary precautions to protect confidentiality, availability and integrity of data stored, processed or transmitted by electronically or physically, to provide resources and support for continuous improvement of Information Security Management System, to ensure conformity with regulations and other requirements related to the information security.

SOCAR Turkey is subject to ensure that the services provided are in compliance with the standards and regulations of the national public institutions and organizations (Energy Market Regulatory Authority (EMRA), Law on Protection of Personal Data (KVKK), 5651, etc.) as well as with the laws, regulations and legislation, in order to maintain information security. Including data and process owners, all the employees are responsible for information security. Accordingly, all the people using, managing information systems and accessing corporate information assets, are under obligation to the following responsibilities.

  • To protect confidentiality, integrity and availability of information assets
  • To know and implement information security policy, standard, procedures and guidelines
  • To use IT resources properly according to regulations, policies and business objectives
  • To adopt and adapt clear desk and clear screen policy
  • To ensure confidentiality and privacy of personal data
  • To share information only with authorized people
  • To use hard to guess passwords and protect confidentiality
  • To backup data properly and provide business continuity
  • To classify data owned and take necessary precautions to protect data
  • To report information security breaches and potential vulnerabilities