Cellnex has developed a Global Integrated Management System to integrate: quality, environment and health and safety. In addition to these three pillars, further management systems will be added in future. Cellnex also has a Global Information Security Management System, which is expected to be integrated into the Global Integrated Management System over the next year.
The Global Integrated Management System serves as a framework for adopting a systematic approach to the implementation of processes to ensure their effectiveness; establishing procedures to ensure the quality of the services provided; ensuring that business is conducted in accordance with the requirements set out in the reference standards on quality, environment, health and safety at work and information security, as well as the legislation in force; and, obtaining ISO standard certifications for Cellnex.
In this way, the Global Integrated Management System enables new business opportunities, facilitates the implementation of the Cellnex Industrial Model, enables continuous improvement and stakeholder engagement.
The Global Integrated Management System is currently implemented and certified in seven of Cellnex's business units plus Corporate. This means that the geographical scope of certification is currently France, Ireland, Portugal, Switzerland, the Netherlands, the United Kingdom and Poland, the latter two being the new business units included in the scope of global certification during 2022.
Moreover, Italy and Spain also have implemented and certified management systems which, owing to their maturity, they maintain locally. Integration into the Global Integrated Management System is planned for the coming years.
Considering the Information Security Management System, this system was the first to be certified globally at Cellnex in 2019 and since then we have been working to include all the business units of the Cellnex footprint in the scope of the system. In 2022, three new countries: Austria, Denmark and Sweden were included in the scope of certification. With these additions, there are now 11 certified countries plus the Corporation: Spain, Italy, Switzerland, Netherlands, France, United Kingdom, Ireland, Portugal, Austria, Denmark, Sweden and the Corporation.
"Being a company certified in internationally recognised standards helps Cellnex to provide high-quality services and to forge strategic alliances, gives confidence to our main stakeholders, and offers new opportunities that promote our business and growth in a sustainable way."
Anna Villa, EHS-Q EXPERT - Cellnex CorporateCellnex Group has a Global Quality Policy which its basic principle is to provide high-availability and high-quality services as a neutral operator of wireless telecommunications infrastructures. In this sense, the Board of Directors established the Quality and Certifications strategy and its commitment to the application of best practices in the countries in which the Company operates and on the basis of international reference standards.
Quality enhances Cellnex's brand and reputation, protects it against risks, increases its efficiency, boosts its profits and positions it to continue growing in a strong and sustainable way, all focused on the customer experience and the confidence of Cellnex's stakeholders. Through Quality, Cellnex contributes to its sustainable development and is consistent with the Company's mission, vision, values, objectives and strategy.
Cellnex’s quality objectives are to promote a quality culture through Cellnex values, awareness and training at all levels, to achieve the highest levels of quality and commitment to the customer, to enhance the perception of stakeholders by innovating and improving products and services, to ensure quality throughout the value chain and supply chain, to promote a culture of continuous improvement by guaranteeing methodologies and procedures to ensure that improvement opportunities that arise are properly managed, and to lead exemplary practices to commit to all the Sustainable Development Goals. Against this background, Cellnex focuses on stakeholder needs and expectations, offers high-quality services, satisfies customers and continuously improves its services and management using a Plan-Do-Check-Act model.
In accordance with the Global Quality Policy, Cellnex devised a two-year Quality Master Plan (2021-2022) applicable to the whole company. This Quality Master Plan is defined on the basis of five strategic lines: Customer centric; Continuous improvement and business excellence; Leadership and commitment; Interest groups; Continuous evaluation. These strategic lines are split into seven initiatives.
Implementing a Global Management System that encompasses all Cellnex's business units makes the maintenance and renewal of certifications more efficient because it involves a single certification process. In addition, it takes advantage of synergies and eliminates redundancies. Accordingly, based on the Global Integrated Management System, the Quality and Certifications Department has focused its work on implementing global certifications in non-certified countries. To do so, Cellnex has a Certification Catalogue that is used as a tool that indicates the exact certification status of all business units and their expiration year.
During 2022, the Quality & Certifications Department worked jointly with the business units on the maintenance of the certifications of the countries included within the scope of the Global Integrated Management System, which as already mentioned are: France, Ireland, Portugal, Switzerland, the Netherlands and Corporate. In addition, two new countries were included in the scope of global certification this year: Poland and the United Kingdom; the UK moved from a local Integrated Management System to the Global one.
In addition to global certifications, Cellnex is certified locally under other international standards such as energy efficiency (ISO 50001), service management (ISO 20000-1), National Security Scheme for the Smart Brain service in Spain, and SA 8000 Social Responsibility, Gender Equality and EASI Model in Italy.
Standard |
Expiry date |
||||||||||||
ISO 9001 Quality Management System |
|||||||||||||
2025 |
2025 |
2024 |
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
||||
ISO 14001 Environmental Management System |
|||||||||||||
2025 |
2025 |
2023 |
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
||||
ISO 45001 Occupational Health & Safety Management System |
|||||||||||||
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
2025 |
||||
ISO 27001 Information Security Management System |
|||||||||||||
2026 |
2026 |
2026 |
2026 |
2026 |
2026 |
2026 |
2026 |
2026 |
2026 |
2026 |
2026 |
||
ISO 14064 Carbon Footprint |
|||||||||||||
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
|
ISO 14046 Water Footprint |
|||||||||||||
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
2024 |
|
SA 8000 Social Responsibility |
|||||||||||||
2024 |
|||||||||||||
UNI/PdR 125:2022 Gender equality |
|||||||||||||
2025 |
|||||||||||||
Modello EASI |
|||||||||||||
2023 |
|||||||||||||
ISO 50001 Energy |
|||||||||||||
2023 |
|||||||||||||
ISO 20000-1 Service Management |
|||||||||||||
2023 |
|||||||||||||
National Security Scheme - Smart Brain |
|||||||||||||
2024 |
On 27 April 2022 the Cellnex Board of Directors amended the Global Risk Management Policy for all Cellnex Group companies. The approval of this policy also established the strategy for Global Risk Management and its commitment to the application of best practices in the countries in which the Company operates, based in turn on international reference standards.
Cellnex operates in accordance with international reference standards and voluntary initiatives that include, among others:
Likewise, the provisions of the Company's global Integrated Management System and the requirements of the ISO standards in which it is going to be certified in terms of risk management are also taken into account. In that connection, the Global Risk Management Policy highlights the Company's efforts to mitigate the inherent risks that may affect the business, thus guaranteeing the continuity of each of its projects and actions. It also promotes the creation of sustained value in the short, medium and long term for all the company's stakeholders, while demonstrating its commitment to reducing adverse impacts on economic activity.
The Cellnex Board of Directors has focused its work on defining the risk management strategy, supervising its application and monitoring it, as well as promoting best corporate governance practices. As a function entrusted by the Board of Directors, the Audit and Risk Management Committee (ARMC) supervises the effectiveness of the Global Risk Management Model and the information provided to third parties, and must ensure that the risk management framework identifies, prioritises, controls, monitors and reports them properly. Moreover, in 2022 a new Global Risk Committee was established, formed by all functional Corporate departments, advised by the internal audit unit; this Committee meets quarterly.
The Global Risk Management department is the main one responsible for the optimal deployment of the risk management methodology within the organisation, ensuring monitoring and compliance. The Global Risk Management function is based on anticipation, independence and commitment to the Group's business objectives, guaranteeing the robustness of the Global Risk Management Model through a risk assessment methodology aligned and adapted to the needs of the risk function and of the Company.
Risks are events that may have an impact on the achievement of the strategic objectives established by the Board of Directors, so these must always be considered for risk management in order to guarantee the resilience of the organisation.
1. Identify the risks: identification and preparation of the risk inventory. Risks are classified using the four categories of the COSO methodology:
2. Assess risks: carry out an assessment of the risks identified both at corporate level and in the business units. Risks are assessed considering their impact, and the probability of their occurrence. The potential impact of a risk should be considered on the basis of the following variables:
3. Define risk responses: definition of a response to address or mitigate these risks in order to achieve acceptable risk levels. The possible answers are framed in the options indicated as follows: avoid, transfer, accept and reduce. If the answer is reduce, define internal controls where possible.
4. Monitor risks: check that risk levels, once a risk response has been applied, match the risk appetite defined by the organisation.
5. Continuous improvement: continuous monitoring and review of the process to achieve improvements in the risk management life cycle.
In order to carry out correct risk management, it is important to analyse both the possible external and internal factors that could lead to an event having an impact on the Cellnex Group's objectives.
The governance of the Global Risk Management Model is configured taking the best international practices as a reference. It is based on a combined assurance around the Three Lines Model, providing an integrated vision of how the different parts of the Cellnex Group organisation interact effectively and in a coordinated manner, making the Group's risk management and internal control processes more efficient.The Global Risk Management framework is based on the application of the Three Lines Model:
For day-to-day operational risk management at Cellnex, the Risk Management Department implemented a Global Risk Management Master Plan 2021-2023. All initiatives identified for 2022 have been completed. One of these relates to the SAP GRC, where the activities carried out in 2022 were:
Regarding the Business Continuity Management System, in 2022, work was done to establish the Framework (Business Continuity policy, BIA of products and services, critical processes and activities, necessary resources, etc.), and during 2023 work will be done with some Business Units to deploy the business continuity management system after adapting it to their needs.
Regarding the Risk Management Communication Plan, training and awareness-raising actions on the new risk management methodology were carried out in 2022, with the Risk Partners, to support them as Second Line. In addition, training and awareness-raising actions on the new risk management methodology were also carried out in the corporate departments during the risk assessment process.
Cellnex has received the award for good practices in financial information from the Catalan Association of Accounting and Management (ACCID), an entity founded by the College of Economists of Catalonia and the College of Chartered Accountants of Catalonia. The Award, presented at the 19th edition of the ACCID Awards, recognises the quality and transparency of the Company's annual report. Specifically, it values information on the situation and risk management, intangible assets (including intellectual capital), the environment and the social dimension, among others.
There follows a list of the main risks that may affect Cellnex Group business and the achievement of its objectives.
Strategic risks |
I) |
Risks related to the environment in which the Group operates and risks stemming from the specific nature of its businesses. |
|||
II) |
Risks of increasing competition. |
||||
III) |
The Group’s status as a “significant market power” (SMP) operator in the digital terrestrial television (DTT) market in Spain imposes certain detrimental obligations on it compared with its competitors. |
||||
IV) |
Industry trends and technological developments may require the Group to continue investing in adjacent businesses to telecommunication towers, such as fibre, edge computing and small cells. |
||||
V) |
Spectrum is a scarce resource and it is highly dependent on political decisions. Access may not be secured in the future, which would prevent the Group from providing a high portion of its services in accordance with its plans. |
||||
VI) |
Risk related to a substantial portion of Group revenue being derived from a small number of customers. |
||||
VII) |
Risk of infrastructure sharing. |
||||
VIII) |
Risk of non-execution of the entire committed perimeter. |
||||
IX) |
The expansion or development of the Group's businesses, including through acquisitions or other growth opportunities, involve a number of risks and uncertainties that could adversely affect operating results or disrupt operations. |
||||
X) |
Risks inherent in the businesses acquired and the Group’s international expansion. |
||||
XI) |
Risk related to the non-control of certain subsidiaries. |
||||
XII) |
Risks related to execution of Cellnex's acquisition strategy. |
||||
XIII) |
Regulatory and other similar risks. |
||||
XIV) |
Litigation. |
||||
XV) |
Risk related to the Parent Company’s significant shareholders’ interests differing from those of the Group. |
||||
Operational risks |
XVI) |
Risks related to the industry and the business in which the Group operates. |
|||
XVII) |
Risk of not implementing the strategic sustainability plan. |
||||
XVIII) |
Risks related to maintaining the rights over land where the Group’s infrastructures are located. |
||||
XIX) |
Failure to attract and retain high quality personnel could adversely affect the Group’s ability to operate its business. |
||||
XX) |
The Group relies on third parties for key equipment and services, and their failure to properly maintain these assets could adversely affect the quality of its services |
||||
Financial risks |
XXI) |
Financial information. |
|||
XXII) |
Expected contracted revenue (backlog). |
||||
XXIII) |
Foreign currency risks. |
||||
XXIV) |
Interest rate risk. |
||||
XXV) |
Credit risk. |
||||
XXVI) |
Liquidity risks. |
||||
XXVII) |
Inflation risk. |
||||
XXVIII) |
Risk related to the Group's indebtedness. |
||||
XXIX) |
The Parent Company cannot guarantee that it will be able to implement its Shareholders' Remuneration Policy or to pay dividends (and even if it were able to, that it would do so). |
||||
Compliance risks |
XXX) |
Fraud and compliance risks. |
|||
XXXI) |
Risk associated with significant agreements signed by the Group that could be modified due to change-of-control clauses. |
Further detailed information, please see Annex 1. Risks.
Uso de cookies
Utilizamos cookies propias y de terceros para analizar nuestros servicios y mostrarle publicidad relacionada con sus preferencias. Pulsando “Configurar” puede seleccionar las cookies que se instalarán en su dispositivo. Pulsando “Aceptar” consiente su instalación y el uso de todas las cookies que utilizamos. Puede obtener más información aquí.
ACEPTAR COOKIES Configuración de cookies