Global Security Policy

Our Global Security Policy is the guiding framework for Digital Security (Cybersecurity), Physical Security, Business Continuity and Crisis Management, Supply Chain Security and Fraud Management in the commercial catalogue for all Telefónica Group companies.

30/11/2023

This policy outlines the principles, organisational structure, and strategic plans that guide our commitment to safeguarding data and digital assets. We strongly encourage you to explore this policy, which shows our dedication to creating a secure and resilient digital environment for all our stakeholders. Below is a summary of each section of the policy.

Introduction

The introduction sets the stage for Telefónica’s commitment to security. In an increasingly digital world facing both traditional and sophisticated threats, this is crucial. It acknowledges the rising regulatory requirements and customer expectations concerning privacy and security. Telefónica aims to protect not just individual users but also its business clients, critical infrastructures, and public organisations. Our Global Security Policy serves to establish the general provisions and guiding principles for security matters. This is applicable across all Telefónica Group companies. It emphasises that security is a comprehensive concept, integral to the organisation’s vertical and horizontal dimensions. The introduction also states that we will review the document periodically to maintain its relevance and effectiveness.

The principles of our Global Security Policy

The principles section outlines the foundational tenets that guide Telefónica’s approach to security. These principles are:

  • Principle of legality: Telefónica is committed to complying with both national and international laws and regulations related to security in the territories where it operates.
  • Principle of efficiency: We adopt a proactive and preventive stance rather than a reactive one, focused on understanding potential threats and risks through an ongoing intelligence process. The aim is to anticipate and mitigate risks to an acceptable level for the business.
  • Principle of co-responsibility: Employees are expected to preserve the security of assets provided by Telefónica. They should adhere to the security criteria, requirements, procedures, and technologies defined in the Security Regulatory Framework, as well as applicable laws.
  • Principle of cooperation and coordination: Telefónica emphasises the need for cooperation and coordination among all business units and employees. This is to generate synergies and strengthen joint capabilities in security.

We define a global corporate security regulatory framework to achieve a standardised level of security. We develop strategic plans to identify and prioritise the projects and budgets necessary to reach appropriate security levels.

Security organisation

The highest representative of this organisation is the Global CSO – Chief Security Officer, whose mission is to ensure the efficient and effective protection of the Group’s assets. This officer is responsible for defining and coordinating the roles of Security Officers at both global and local levels. Each Telefónica Group company will have a Security Officer assigned to it, based on what is most efficient and effective for that particular case.

For coordination, a Global Committee for Security is established, presided over by the Global Chief Security and Intelligence Officer. This committee includes Security Officers from various functions, companies, or territories, as well as other necessary departments. Local and functional Security Sub-Committees also exist, following the guidelines set at the global level.

The Global CSO – Chief Security Officer reports to the Board of Directors and its Audit and Control Committee, providing updates on the state of the Group’s security and outlining strategic plans and measures to maintain an efficient level of security.

Security regulatory framework

This section serves as a comprehensive guide that aligns with Telefónica’s overarching policy for regulatory organisation. It addresses various key areas, including the territorial and functional organisation of security within the Telefónica Group, role delineation, and operational principles. The framework sets out objectives, goals, and the security criteria, requirements, and technologies that should be applied across all of Telefónica’s platforms. A key aim is to ensure a “trusted” technological environment.

The framework is designed to be globally applicable but allows for local variations, provided they adhere to minimum global standards. It mandates compliance with national and international laws and ensures that contractual agreements with stakeholders align with these security regulations.

The Global Chief Security and Intelligence Officer holds the authority for global interpretations and developments under this framework, while local Security Officers have similar powers for local regulations. The framework will be disseminated to all employees and relevant third parties through awareness campaigns and training initiatives.

Strategic plans & audit

The Global Chief Security and Intelligence Officer oversees Telefónica’s strategic security plan, while subordinate Security Officers develop additional plans in alignment with it. These plans aim to prioritise security projects and allocate budgets. In addition, the Internal Audit Directorate may conduct audits to ensure compliance and suggest improvements.

You can consult the policy and information regarding Security in our Global Transparency Center.

