SUMMARY

  1. OBJECTIVE
  2. APPLICATION AND SCOPE
  3. REFERENCE AND COMPLEMENTARY DOCUMENTS
    1. Reference Documents
    2. Complementary Documents
  4. DEFINITIONS
  5. RESPONSIBILITY AND AUTHORITY
  6. DESCRIPTION
    1. Principles
    2. Guidelines
  7. REGISTRATIONS
  8. ANNEXES

  1. OBJECTIVE

Establishing Transpetro's Information Security Policy

  1. APPLICATION AND SCOPE

It applies to Petrobras Transporte S.A. – TRANSPETRO and its equity interests (Transpetro Bel 09 S.A. –TRANSBEL and Transpetro International B.V. - TIBV), taking into account the specificities of each company.

Policy approved by Transpetro's Board of Directors - Minutes CA 308, of October 28, 2021. 
Policy approved by Transbel's Board of Executive Officers - Certificate No. 14, Item 03, Agenda 003.
Policy approved by the TIBV Executive Board - WR MB TIBV No. 05-2022 of 04/04/2022.

  1. REFERENCE AND COMPLEMENTARY DOCUMENTS

    1. Reference documents

PL-0SPB-00019 Petrobras INFORMATION SECURITY POLICY

    1. Additional documents

Not applicable

  1. DEFINITIONS

Confidentiality: the property by which it is ensured that information is not available or disclosed to an unauthorized or unaccredited person, system, body or entity;

Availability: the property by which it is ensured that information is accessible and usable on demand by an individual or a certain duly authorized system, body or entity;

Integrity: the property by which it is ensured that information has not been modified or destroyed in an unauthorized or accidental manner;

Authenticity: the property by which it is ensured that information has been produced, dispatched, modified or destroyed by a specific individual, piece of equipment, system, body or entity.

  1. AUTHORITY AND RESPONSIBILITY

Not applicable

  1. DESCRIPTION

    1. Principles
      1. The company handles information in compliance with business requirements, the relevant regulations and the pillars of Information Security: Confidentiality, Availability, Integrity and Authenticity.
      2. The company maintains a comprehensive and systemic view of information security in its businesses, processes and relationships.

    1. Guidelines

The Company must:

      1. Maintaining Information Security governance, defining activities, roles and responsibilities;
      2. Promote the culture of Information Security, disseminating it effectively and continuously;
      3. Apply technological and administrative measures aimed at Information Security and Cyber Security, in line with the prioritization from the Corporate Risk Analysis, and may even disconnect non-compliant units and locations from the Petrobras corporate network. Always observing that cyber security is an essential part of information security;
      4. Providing the necessary resources to maintain technological and administrative Information Security measures;
      5. Adopt Information Security requirements in processes and technologies, right from the start;
      6. Provide the means to identify, prevent and deal with Information Security incidents.

Company employees must:

      1. Use, classify and protect information ethically and securely, in accordance with current standards;
      2. Report possible Information Security incidents through a specific channel.

  1. REGISTRATIONS

Not applicable

  1. ANNEXES

Not applicable