Information Security consists in protecting information and its supporting assets (systems, networks, infra-structures and other) in three essential aspects: Confidentiality, Integrity and Availability. The protection of information must comply with our company's internal policies regarding information but also with all the applicable national and international laws and regulations.
TheSecurity & Privacy (S&P) programs and processes we have developed and maintain allow us to manage risks related to The availability, integrity, confidentiality, privacy and cybersecurity, related to The information/data, processes/assets or products/services.
NOS’ companies, Departments and employees are responsible for ensuring the operationalization and monitoring of security, privacy and business continuity controls whose implementation is their charge.
NOS’ Core Security & Privacy team is responsible for defining the S&P processes and promoting their implementation in the organization.
The Security & Privacy processes defined are as follows:
| Security and Privacy Incidents | |
|---|---|
Planning and strategy (including Steering Committees of S&P) | Record of processing activities (RPA) |
Policies and body of regulations | Privacy Impact Assessments (PIA) |
Training and Awareness | Subcontractors |
Control and monitoring (including risk assessments, control of S&P initiatives, KRI) | Business continuity and crisis management (BCM) |
Security & Privacy by Design | S&P incidents |
Compliance support (including changes to S&P legislation and/or regulation, supporting departments) | S&P certifications |
S&P objects (inventory and risk assessment of assets, activities and products or services) |
|
Please read NOS General Policy for Information Security.
We follow the best practices in Security Management
Our company was the first in Portugal to earn (since 2006) the ISO 27001 - Information Security Management System.(ISMS).
The current scope of this certification comprehends business processes covering service installation, activation and account management, as well as service requests, billing and collection from communications customers in the market segments: Consumer(B2C) and Business (B2B): The scope also includes security processes related to NOS Data Center services.
Check the Certifications obtained by NOS.
We promote the secure use of our products and services
NOS has developed a number of initiatives, including an internal platform with information about the risks involving security and service fraud and the continuous improvement of risk monitoring and mitigation processes.
We also subscribed to the initiatives promoted by the International Operators Association (GSMA), namely the GSM Association Fraud Forum and the GSMA Security Group.
To learn more about the secure use of our services and equipment, please read the relevant information provided by NOS regarding several topics relating to Security and Prevention.