EN AZ

Information Security Policy

Our company considers information a valuable asset; protecting this asset comprehensively throughout its lifecycle is our primary commitment, as it is critical to the continuity of our operations.

At SOCAR Tech, information security is regarded as the set of management and protection measures implemented to ensure business continuity, safeguard data, and minimize security risks.

Scope of Policy

The information security policy applies to all SOCAR Tech employees, contractors, suppliers, and any third parties who have access to SOCAR Tech’s information systems or data. The policy covers all information created, stored, processed, or transmitted by the company, regardless of its format or medium.

Core Principles

  • Confidentiality – Ensuring that only authorized individuals can access information.
  • Integrity – Maintaining the accuracy and completeness of information and controlling any changes made.
  • Availability – Ensuring authorized individuals can access information whenever needed.

Our Objectives

Aligned with our company’s vision and mission, information security is treated as a strategic matter, managed with a risk- and process-oriented approach. Within this framework, we aim to:

  • Ensure business continuity
  • Effectively manage information security risks
  • Ensure compliance with legal requirements
  • Protect information security during service delivery
  • Establish resilient defenses against cyber threats
  • Safeguard corporate reputation
  • Increase awareness of information security
  • Analyze information security risks

Information security is planned, implemented, monitored, and regularly reviewed—where appropriate by independent auditors—according to international standards and best practices, using a risk management approach.

Management Commitment

SOCAR Tech management supports the implementation of appropriate security measures to protect information stored, processed, or transmitted in electronic or physical form. Management also supports the continuous improvement of information security processes and compliance with applicable legal requirements.

Responsibilities of Every Employee

Within the framework of the laws of the countries where we operate, our company is committed to ensuring the security of information systems. Everyone who uses, manages, or has access to the company’s information systems must:

  • Protect the confidentiality, integrity, and availability of information assets
  • Know and apply information security policies, standards, and procedures
  • Use information systems in compliance with laws, policies, and business objectives
  • Adopt and apply a clean desk and clean screen policy
  • Share information only with authorized individuals
  • Use strong passwords and protect their confidentiality
  • Regularly create backups and ensure business continuity
  • Classify information they own and apply necessary protection measures
  • Report information security breaches and potential vulnerabilities to the relevant authority

Our company places special emphasis on the protection of personal data and operates in compliance with the requirements of the Law of the Republic of Azerbaijan “On Personal Data.”

Review 

The information security policy is reviewed at least once a year, as well as whenever significant changes occur in information security, legislation, or the company’s operations that may affect it. Updates are made when necessary.