Security and Privacy

Information Security consists in protecting information and its supporting assets (systems, networks, infrastructures and other) in three essential aspects: Confidentiality, Integrity and Availability. The protection of information must comply with our company's internal policies regarding information but also with all the applicable national and international laws and regulations.

As regards the ISM – Information Security Management programme, NOS created an Information Security Committee (GRC – Governance Risk and Compliance Committee) which was assigned by the Executive Committee the task of monitoring risks associated with security, proposing regulations and promoting awareness-raising initiatives, among other duties.

Under the Committee’s supervision, different business units develop a plan of internal initiatives with a view to consolidate controls and processes for the management of Information Security.

Security initiatives vary in nature, such as the development of Policies and Regulations, the management of projects to implement security processes or technologies, the production of indicators, carrying out training and awareness-raising actions, etc.

Learn about the NOS Security Principles.

Our company was the first in Portugal to earn, since 2006, the ISO 27001 – Information Security Management System - ISMS certification. The current scope of this certification focuses on the business processes "Customer Management" and "Invoicing and Collecting" associated with NOS' customers of fixed and mobile communications services in the market segments: Home, Personal, Business (with special emphasis on Corporate clients) and Wholesale.

The current scope of the certification includes the business processes "Customer Management" and "Billing and Charging" for fixed and mobile service clients of NOS, in the market segments: Residential, Personal, Business (with primary focus on Corporate clients) and Wholesale. The scope also includes the security processes associated with the “Housing” services provided at NOS Data Centres in Lisbon and Oporto.

The ISO27001 standard includes a domain dedicated to Business Continuity Management (BCM), and NOS has control objectives that determine the definition of Business Continuity Plans (BCPs) for the business processes targeted by the certification.

Check all the certifications obtained by NOS.

NOS has developed a number of initiatives, including an internal platform with information about the risks involving security and service fraud and the continuous improvement of risk monitoring and mitigation processes.

We also subscribed to the initiatives promoted by the International Operators Association (GSMA), namely the GSM Association Fraud Forum and the GSMA Security Group.