OUR POLICIES

We build a trust-based future with our corporate principles

As TP-OTC, in all areas where we operate, we adopt transparency, sustainability, occupational health and safety, and quality standards as our foundation.

Information Security Policy

Turkish Petroleum Off-Shore Technology Center Joint Stock Company (TP-OTC) was established to carry out oil operations and trade both domestically and abroad, operating in fields such as exploration, drilling, production, transportation, marketing, service activities, ship and port management, and refining.

This Policy covers TP-OTC's assets, information technology processes and infrastructure, all employees, third-party suppliers, consultants, and all stakeholders with access to its data or technology resources.

In this regard, TP-OTC commits to the following in order to ensure the security of all information produced and processed within the framework of information security requirements and to effectively manage all threats to information assets:

  • Ensuring the establishment, operation, and continuous expansion of the information security management system,

  • Maintaining the confidentiality, integrity, and availability of corporate information within the scope,

  • Achieving full compliance with national and international sectoral and legal regulations, legislative provisions, and contracts to increase the cyber resilience and information security of systems used directly and indirectly in hydrocarbon exploration and production activities,

  • Guaranteeing the effective field operation of policies and procedures prepared and approved within the scope of the information security management system,

  • Preventing potential information security incidents, and in cases where they cannot be prevented, intervening as quickly as possible to minimize their impact and prevent recurrence,

  • Meeting the information security requirements of the systems, applications, and software used in the institution,

  • Ensuring the identification and systematic management of risks related to information security,

  • Managing the interaction between corporate information technology (IT) and operational technology (OT) systems within a secure architecture based on business continuity and information security risks,

  • Conducting training to increase information security awareness and develop competencies,

  • Establishing a dynamic structure to adapt to developments in the field of information technology and increasing communication with relevant institutions and organizations,

  • Setting continuous improvement targets and conducting regular evaluations in line with these targets,

  • Guaranteeing, through contracts and audits, the compliance of all suppliers and stakeholders who have access to critical systems or with whom data is shared with the organization's security standards,

  • Positioning security as an integral part of operational processes by considering the potential impacts of information security breaches on physical operations, environmental safety, and human health.