Information security management

Significant milestones in 2018

  • Review the catalogue of Information Security threats
  • Implement risk mitigation measures in terms of confidentiality, integrity and availability of information
  • Review the procedure for managing critical incidents in Cellnex Spain and check its effectiveness
  • Conduct awareness campaigns to reinforce good information security practices

Main challenges for 2019

  • Define a Comprehensive Security Model (physical and IT) to allow an optimal response to hybrid threats

The telecommunications sector needs to be protected from a wide variety of different types of threats to provide a stable and high-quality service to its customers. For this reason, Cellnex has been placing special emphasis on the area of security, whether physical or IT, performing a large number of activities aimed at avoiding and mitigating any possible threat that may affect its service.

Thus, throughout 2018 Cellnex has been preparing to develop a Comprehensive Security Plan that covers all aspects of corporate security regardless of the type of threat, whether physical, IT, or hybrid. A series of actions were rolled out in 2018 to achieve this goal:

  • Revise and refine the catalogue of information security threats to define more precise controls to mitigate the possibility of their occurring, and their impact if they do arise
  • Implement measures to mitigate risks in terms of confidentiality, integrity and availability of information. These were included in the Information Security Master Plan, which covered nine security programmes implemented throughout 2018 and identified within the Action Plan associated with the Map of Information Security Risks.
  • Review the Cellnex Spain critical incident management procedure and test its functioning and effectiveness by performing cybersecurity exercises.
  • Roll out awareness campaigns aimed at all Cellnex employees to reinforce messages concerning good Information Security practices.

As a result of these actions, in 2018 there were no data leaks, theft or loss in Spain or Italy, nor were any complaints received in relation to information security and data protection. The new Comprehensive Security Plan will continue to be developed in 2019, and will combine physical and IT security to offer an optimal response to hybrid threats (occurring simultaneously through logical channels and physical actions).

SECURITY MASTER PLAN PROGRAMMES

BOARD INFORMATION

Preventing data leaks and protecting the information used by Cellnex Board.

MOBILITY

Establishing security controls and applying them in a homogeneous way to different technologies of mobile/portable devices.

ACCESS CONTROL

Classifying the information and implementing security measures in order to handle it (encryption, remote access, data storage policy, etc.).

TRAINING AND AWARENESS

Reinforcing cybersecurity messages as part of the annual Cybersecurity Awareness campaign established by Cellnex.

LEGAL COMPLIANCE

Legal impact analysis and implementation for new applicable Laws & Regulations over Cellnex systems.

CORPORATIVE GOVERNANCE AND TECHNOLOGY SECURITY

Continuous improvement of processes and IT infrastructure to ensure IT security in Cellnex facing existing and new threats.

INTERNATIONAL

Defining and developing a Common Cybersecurity Framework (Policies & IT infrastructure) for Cellnex Corporation and Business Units.

BUSINESS CONTINUITY

Continuous improvement of Business Continuity Processes (Business Impact Analysis, Disaster Recovery Plans, etc.)

Cellnex has an information security policy that reflects the company’s commitment in this area, the necessary steps to be taken to identify and protect information assets, as well as to ensure compliance with applicable rules and regulations. Likewise, since 2011 the company has had an Information Security Management System based on ISO standard 27001.

As part of this Management System, we have an information map to identify and assess risks in order to apply the most appropriate risk treatment strategy in each case, as well as to draw up action plans for mitigation, when deemed necessary, in terms of data confidentiality, integrity and availability.

With regard to the personal data managed by the company, with the entry into force of the new General Data Protection Regulation (GDPR) on 25 May, the Group has made several changes to ensure full compliance. One of the main changes under the GDPR was that it became compulsory to appoint a Data Protection Officer (DPO). In Cellnex these duties will be performed by José María Miralles, the company’s Director of Legal Affairs, who will periodically report to the Ethics and Compliance Committee on the status of GDPR implementation and compliance in the companies of the Group. Because the company fully complied with the previous European regulation and already had a mature and robust system, it has adapted quickly and effectively.

GRI: 416-1, 418-1
