Our commitment is to reach a level of security in our services that guarantees the adequate protection of the information we process, so that that all our customers can use them reliably.
The Telefónica security strategy is based on our Corporate Policy and Norms for Information Security and the Corporate Regulations for Minimum Security Controls. We respect it in the following principles:
- Confidentiality: We guarantee that the data and systems are only accessed by duly authorized persons.
- Integrity: We guarantee the accuracy of the information and systems against accidental or fraudulent alteration, loss, or destruction.
- Availability: We guarantee that the information and systems can be used in the manner and time required.
- Auditability: We guarantee that any action or transaction can be unequivocally related, ensuring compliance with the key controls established in the corresponding norms.
The companies of the Telefónica Group follow the information security guidelines established by the Corporate Committee for Security. The objective of this body is to monitor the continuous improvement in security, guaranteeing homogeneous minimum standards, in accordance to the needs of each business unit.
Its responsibilities also include the establishment of policies, standards, and implementation of procedures for responsible uses and good practices, the monitoring of the compliance with certifications within the companies of the Group, and continuous monitoring with a view to improvement actions.
We perform internal audits on our processes for the protection of personal information and cybersecurity
Reliability and continuity of services
At Telefónica we design and manage our services and infrastructures in order for these to resist and overcome environmental or technological contingencies which happen on a daily basis, with a view to minimizing the impact on our customers.
In addition, where serious incidents or disasters are concerned, we plan our capabilities ahead of time in order to continue offering our products and services at an acceptable, predefined level.
But we not only dedicate the required resources to meeting the expectation of continuity of our customers for the services we offer. We also play a fundamental role in the protection of the critical infrastructures that enable other essential services of society (finance, energy, transportation, emergency services, etc.).
Adequate use of the services
Maintaining an adequate level of security is everyone’s job, even our customers. We expect our customers to use the contracted services in accordance to the law and with what is stipulated in the “policy of adequate use”.
In compliance with current legislation, we implement the viable technical measures aimed at minimizing the negative impact on our services generated by actions with illicit purposes or effects, actions that are damaging to the rights and interests of third parties, or actions that in some way or another try to damage, render useless, overload, or deteriorate the services, computer equipment, and contents, or that try to prevent their normal use by other clients and users of the Internet community.
Many of our customers and users help us improve our services by making them more secure and reliable, or by identifying those activities that have purposes or effects that are contrary to security.
The effort we make to understand the new threats and the latest trends in the digital world as well as to anticipate changes with innovative security solutions, is reflected in a wide range of security products and services.
For this, we have specific capabilities of research and development in Eleven Paths and specific developments for operations, engineering and support in Telefonica Security Engineering.
Get to know more about our performance in 2017 on these topics.
(CVD) Coordinated Vulnerability Disclosure
Telefonica uses the procedures and technologies to prevent vulnerabilities in the products and services that it launches to the market. In case a vulnerability in the product has been founded after the launch, we do everything we can to solve it as soon as possible.
We dedicate internal and external professionals to the continuous search of vulnerabilities in our infrastructure, in collaboration with the community of researchers. We ask them to give us the opportunity to correct the vulnerabilities that they find before publishing them, as we do if we discover them in a third-party product.
This collaboration helps us to protect the interest of clients in their use of updated and safe products.
Therefore, we are committed to report any vulnerability discovered in third-party products or services directly to the suppliers of the affected products, to a national CERT or through any private services that will also inform the supplier in private.
If you are aware of any threat or vulnerability that could affect Telefónica's technological infrastructure, you may contact the Global Cyber Security Incident Response Team (CSIRT) through the following form. You can use our public PGP key to encrypt the information. Many thanks.