Digitalization brings great opportunities to our societies but the rapid technological development also brings new and accelerated privacy and security-related risks. At Telia Company we have high ambitions within both areas. Our goal is to secure top tier positions on privacy in all our core markets and preferred supplier status thanks to strong security measures by 2023.
Telia Company has adopted a “privacy by design and by default” approach to ensure compliant and transparent management of personal data in all new products and services. Key tools for implementing these principles are, among others, privacy screening of all new initiatives that include processing of personal data and conducting a Data Protection Impact Assessment (DPIA) before carrying out data processing where the processing is likely to result in a high risk to the rights and freedoms of individuals.
Our day-to-day business operations are supported by a privacy team who provide proactive guidance on compliance with GDPR and other privacy laws. In addition, we have a team of Data Protection Officers (DPO), whose task is to monitor whether different areas of business adhere to our privacy standards. Our DPOs also ensure that requests from individuals as well as data protection authorities are responded to in accordance with the GDPR. To build and maintain privacy awareness, all Telia Company employees must complete mandatory privacy training.
Our approach to Security includes both proactive and reactive measures. A “Security by design and by default” approach and mandatory security awareness trainings are two key proactive measures to ensure that security is included as an integrated part of development and maintenance of our products, systems and infrastructure.
Our Global Security Operations Centre (GSOC) employs both proactive and reactive measures with a Group-wide reach. This is done by pen-testing, active monitoring, disrupting, responding to and recovering from cybersecurity incidents at all times. The GSOC is a member of the Forum of Incident Response and Security Teams (FIRST) and is a Trusted Introducer (TF-CSIRT). Global collaboration and information sharing is done with the industry leading CERT forums and locally with the national CERTs. GSOC’s team members maintain industry best standard certifications.
Telia Company has an Information Security Management System (ISMS) according to the ISO/IEC 27001:2013 standard. The purpose with the ISMS is to preserve confidentiality, integrity and availability of information in accordance with Telia Company’s Group Policy – Security. The ISMS scope includes Telia Company Group Security Governance, Enterprise Security Risk Management processes and their supporting systems, specifying requirements on information security and risk management across all organizational entities, with specific products and processes for some markets. The ISMS is continuously maintained, evaluated and enhanced in accordance with customer demands and identified needs.