Information Safety Management System (SGSI)

The PETROPERU Information Security Management System is the set of Policies, procedures, instructions, guides, resources and associated activities, which are managed to preserve the confidentiality, integrity and availability of the information, according to the "NTP ISO/IEC 27001: 2014 Information Technology, Security Techniques, Information Security Management Systems", applying a Risk Management process and providing confidence to stakeholders in the sense that risks are handled properly.

Regulatory Base

At PETROPERU we are developing our Information Security Management System, according to what is established in the following normative documents:

  • Ministerial Resolution No. 004-2016-PCM, approved on January 13, 2016, with which the Presidency of the Council of Ministers approved the mandatory use of the Peruvian Technical Standard NTP-ISO/IEC 27001: 2014, Information Technology. Information security management systems. Requirements 2nd Edition, in all entities that make up the National Computing System.
  • Ministerial Resolution No. 166-2017-PCM, published on 20.06.2017, with which the Presidency of the Council of Ministers approved the amendment of Article 5 of the R.M. N° 004-2016-PCM referring to the Information Security Management Committee.
  • Law No. 27806: Law on Transparency and Access to Public Information and its amendments.
  • Law No. 29733: Law on the Protection of Personal Data, its Regulations and Modifications.
  • Directorate Resolutions N ° 131-2017-DINI-01 and 030-2018-DINI-01, which validate as National Critical Assets the "North Peruvian Pipeline" and the "Talara Refinery and its Sales Plant", which corresponds to the installations that make up the National Inventory of National Critical Assets, which constitute resources, infrastructure and essential and essential systems to maintain National Capacity.
  • Corporate Policy on Information Security of PETROPERU S.A., approved with Directory Agreement 096-2017-PP.
  • Corporate Policy on Protection of Personal Data of PETROPERU S.A., approved with Directory Agreement 100-2017-PP.
  • Information Security Regulation, approved on 01.30.2019, by General Management.
  • Code of Good Corporate Governance of PETROPERU, approved with Board Agreement No. 047-2018-PP of 05/28/2018.
Documents
Corporate Information Security Policy
Corporate Policy on Personal Data Protection