Information Security Management System

Our Information Security Management System (ISMS) is the set of policies, procedures, instructions, guides, resources and associated activities, which are managed to preserve the confidentiality, integrity and availability of information, in accordance with the technical standard Peruvian (NTP) ISO/IEC 27001:2014 Information Technology. Security Techniques. Information Security Management Systems, applying a risk management process and providing confidence to the interested parties that the risks are properly managed.

Regulatory Basis

At PETROPERÚ we are developing our ISMS, as established in the following regulatory documents:

  • Ministerial Resolution 004-2016-PCM, of 1/13/16, with which the Presidency of the Council of Ministers approved the mandatory use of the NTP-ISO/IEC 27001:2014, Information Technology. Information Security Management Systems. Requirements. Second edition, in all the entities that make up the National Information System.
  • Ministerial Resolution 166-2017-PCM, published on 6/20/17, with which the Presidency of the Council of Ministers approved the modification of article 5 of RM 004-2016-PCM, referring to the Information Security Management Committee.
  • Law 27806 (Law on Transparency and Access to Public Information and its amendments).
  • Law 29733 (Personal Data Protection Law, its regulations and its amendments).
  • Supreme Decree 106-2017-PCM approved the Regulation for Identification, Evaluation and Risk Management of National Critical Assets (ACN).
  • Directorial resolutions 131-2017-DINI-01 and 030-2018-DINI-01, which validate as national critical assets both the North Peruvian Pipeline and the Talara Refinery and its Sales Plant, which corresponds to the facilities that make up the National Inventory of National Critical Assets, which constitute resources, infrastructure and essential and essential systems to maintain national capacities.
  • Directorial resolutions 080-2019-DINI-01 and 120-2019-DINI-01, which validate as national critical assets both the Liquid Hydrocarbons Supply Terminal in Mollendo and the Conchán Refinery, which corresponds to the facilities that make up the National Inventory of the National Critical Assets, which constitute essential and essential resources, infrastructure and systems to maintain national capacities.
  • Directorial Resolution 130-2020-DINI-01, which validates the Iquitos Refinery and Sales Plant as a national critical asset, which corresponds to the facilities that make up the National Inventory of National Critical Assets, which constitute resources, infrastructure and essential systems and essential to maintain national capacities.
  • Corporate Information Security Policy of PETROPERÚ, approved with Board Agreement 100-2017-PP.
  • Corporate Policy for the Protection of Personal Data of PETROPERÚ, approved with Board Agreement 94-2017-PP.
  • Information Security Regulations (version 3), approved on 8/13/21, by General Management.
  • Code of Good Corporate Governance of PETROPERÚ, approved by Board Agreement 047-2018-PP of 5/28/18, modified by Board Agreement 110-2020-PP of 11/5/20.
Documents
Corporate Information Security Policy
Corporate Policy on Personal Data Protection