To whom does it apply?

The rules contained in this document apply to all companies, departments and information/assets/processes controlled by the NOS Group, unless explicitly defined otherwise. Compliance with these rules is mandatory for all employees, including internal employees and partner’s (service providers) employees.

Under the present context, this General Policy applies to all of NOS Group’s electronic communications companies (NOS Comunicações, NOS Açores Comunicações, NOS Madeira Comunicações, NOS Wholesale), for the purposes of compliance with the “Regulation on the security and integrity of electronic communications networks and services” and to the extent that the obligations provided for in this Regulation are applicable to the aforementioned companies.

What is the objective? 

1. To define Information Security principles mandatory to Employees, Suppliers and Partners

• Guaranteeing protection and classification of information and related supporting assets;
• Ensuring information protection is in compliance with internal policies as well as laws and regulations;
• Upholding the core values of democracy and freedom, while maintaining a non-intrusive attitude;
• To guarantee the fundamental right of individuals to privacy, particularly the protection of personal data belonging to customers;
• Ensuring development, implementation and periodic reassessment of policies, processes and controls, incorporating security and privacy measures;
• Carrying out adequate management of incidents that may jeopardise information security, the protection of personal data or business continuity;
• Assessing and monitoring security risks on a regular basis;
• Promoting awareness, training and certification of Employees in areas related to Security and Privacy;
• Maintaining an integrated system of Internal Control and Information Security Management;
• Incorporating Security and Privacy into business processes and objectives as a differentiating and competitive factor for customer satisfaction and trust;