Information Security consists in protecting information and its supporting assets (systems, networks, infrastructures and others) in three essential aspects: Confidentiality, Integrity and Availability. The protection of information must comply not only with our company's internal policies regarding information but also with all the applicable national and international laws and regulations. It should also consider the service requirements documented in the SLAs, contracts or operating agreements with customers.
NOS’ Security Policy establishes the principles of Information Security to be observed by NOS' Employees, Suppliers and Partners. It also defines the different security levels and domains and their respective control objectives. This Policy is voluntarily based on the adaptation of recommended international standards, such as ISO 27001 and the Technical Guidelines for Security Measures of ENISA - European Network and Information Security Agency.
Please refer to our General Policy for Information Security.
NOS Information Security Principles
- Ensuring the protection and the classification of information and its supporting assets in all three fundamental pillars - confidentiality, integrity and availability - according to their criticality to the organisation;
- Ensuring that the protection of information complies with both the internal policies of our company regarding information and all laws, regulations, customer requirements and other requirements external to the organisation;
- Upholding the core values of democracy and liberty, through a non-intrusive attitude of security towards the organisation and individuals;
- Guaranteeing the fundamental right of individuals to privacy, particularly the protection of personal data belonging to customers, employees and other personal data subjects;
- Ensuring the development, implementation and periodic review of specific policies and standards, as well as processes and controls, incorporating security and privacy measures as an essential element for the protection of information assets against internal and external threats;
- Managing security incidents adequately through processes put in place to prevent, detect, record, report, process and investigate any incidents and vulnerabilities that might compromise the security of information, the protection of personal data or disrupt business continuity;
- Periodically carrying out the assessment and monitoring of security risks so as to enable identification and management of risks and ensure that the controls in place are well adjusted to the organisation’s framework;
- Promoting awareness training and certification of employees in the field of Information Security, so that they also develop a sense of responsibility in these matters;
- Maintaining an integrated system of Internal Control and Information Security Management to ensure that the organisation's resources are managed in a sound, effective and efficient manner;
- Incorporating Information Security into the organisation's processes and business objectives as a necessary condition to earn our customers’ satisfaction and trust, and also as a differentiating and competitive factor.