» About » Policy » Information Security

Information Security Policy

Amir Kabir Petrochemical Company, in order to carry out its mission in pursuit of security objectives and reduction of information security related events, has implemented the information security management system in all its business processes in the field of IT management in accordance with the standard ISO 27001:2013.

In this regard, the company is committed to the following principles:

1. Define, approve, confirm, modify and enforce the information security procedures in the company and monitor its good implementation, while taking the following items into account in the information security procedures of the company:

·         Ensure the confidentiality of information by preventing unauthorized access

·         Ensure the integrity and accuracy and prevent the unwanted change of information

·         Ensure the availability of information for business processes for authorized persons

·         Ensure compliance with all upstream, internal and legal requirements.

·         Ensure management of hazards associated with exposures & vulnerabilities threats.

·         Design, implementation, maintenance and testing of business continuity plan

1.      Eliminating the risks associated with information security

2.      Developing the company's computer network securely

3.      Securely develop & supply the company’s software.

4.      Reducing events associated with information security by ensuring that all of the security holes and threats contained in the company are reported and permanently addressed to them.

5.      Developing a  culture of IT security at the company level  with the confidence of Culturalization and information security training for all  the personnel

6.      Development of competencies and employee participation in continuous improvement of information security management system

The management of the company is committed to providing the resources and facilities necessary to meet the requirements of this standard and to realize the above-mentioned issues and to support the objectives and related programs.

The information security management policy is also understood by all colleagues of the company and revised annually as needed.