We guarantee the Confidentiality, Integrity and Availability of the information based on the following pillars:
The head of security at the Company is the Global Chief Security and Intelligence Officer (the Global CSO), who has been delegated, by the Company’s Board of Directors, the authority and responsibility to establish the global security strategy
We have tools, capabilities and procedures to manage the full cycle of potential cyber security incidents: detection, mitigation, recovery, notification and lessons learned.
Supply chain security
At Telefónica we have security requirements for our suppliers and we identify and monitor the risks associated with the provision of a service/product.
To manage security in the supply chain, the use and evolution of the 3PS+ digital platform to manage and monitor security throughout the supplier lifecycle is encouraged. Security requirements are reviewed annually in line with updates to national and international standards, as well as including those associated with new technologies.
At Telefónica, we design and manage our services and infrastructures in such a way that they are able to withstand and overcome the various environmental or technological contingencies that occur on a daily basis, without affecting our customers.
Maintaining an adequate level of security is everyone’s job, including our customers’. We expect our customers to use the contracted services in accordance with the law and the stipulations of the “Acceptable Use Policy” included in the contract.
Our efforts to understand new threats and trends in the digital world, and to anticipate changes with innovative security solutions, are reflected in a wide range of security products and services.
Safety certifications on products and services are maintained. Our Information Security certifications cover the following geographies:
- Spain: https://www.telefonica.es/es/nosotros/telefonica-en-espana/politica-de-calidad/certificados/
- Brazil: ISO27001 certification is maintained and we have even extended the scope, now in addition to the Vulnerability Management process we have the MDR (Managed Detection and Response) Process certified.
- Germany: we have ISO27001 certification.
- Colombia: https://www.movistar.co/web/portal-col/atencion-cliente/proteccion-al-usuario/regulacion_proteccion/alcance-sgi
- Ecuador: We have ISO27001 certification, we have 4 services certified within this scope. Moreover, the certificate itself is a guarantee of the existence of the ISMS.
- Peru: we have two ISO27001 certifications in force.
If you are aware of any vulnerability or threat that could affect Telefónica’s technological infrastructure, you can contact us using the following form. You can use our PGP public key to contact us by mail and encrypt the information.