In May 2007, PKN ORLEN S.A. obtained a certificate for compliance of its Information Security Management System with the PN-I-07799-2:2005 standard. The certificate was issued by BUREAU Veritas Certification. We are now working on bringing the system in conformity with a new standard, PN-EN ISO 27001:2007.

The principal goal of the system is adoption, implementation and execution of tasks using technical and organisational means which ensure the maximum level of data processing security by protecting data from unauthorised access, breach of confidentiality, theft, or unauthorised modification.

We are well aware of the importance of information and information systems for implementing PKN ORLEN S.A.’s goals, and we declare that in its efforts the Company seeks to ensure information security in all information processing systems, taking into account the interests of the Company and its shareholders as well as of its customers and business partners.

The Information Security Policy and the Information Security Management System procedures lay down the rules of conduct aimed at ensuring security of assets. They have been prepared with a view to maintaining information security standards at the Company, with particular focus on legal compliance and mitigation of risks related to breach of confidentiality, authenticity of data, financial losses, as well as harm to the Company’s image.

The scope of the Information Security Management System is as follows:

• crude oil processing and sale of refining and petrochemical products at all organisational units of the Company excluding service stations.