Security Policy
This policy applies to
All Employees in Vodafone subsidiaries and Joint Ventures with an interest of 50% or more.
Policy objectives
- To provide a strategic, coalescent best practice focus and direction for Fraud, Risk & Security (FRS) functions across all local operating companies.
- To ensure the protection of the Group and all its assets, people and information.
The policy
It is the policy of the Board of Vodafone Group Plc. that the Group and each of its companies are in compliance with ISO/IEC FDIS 27001:2005 (formerly ISO/IEC 17799 & BS 7799) Code of Practice and Specification for Information Security Management. This includes aspects of security related to risk assessment, security policy, organisation, physical and environmental security, asset management, HR (personnel) security, communication and operation management, access control, information system acquisition, development and maintenance, security incident management, and specific FRS topic standards and best practice (e.g. security screening, fraud management).
To be compliant, each local operating company must:
- Develop, maintain and implement appropriate local security policies and supporting procedures in agreement with national laws and standards.
- Publish local security policies in the local section of the Vodafone intranet.
- Implement an Information Security Management System (ISMS) appropriate for the business as defined in the Information Security Framework.
- Apply appropriate measures to reduce security threats to an acceptable level and in compliance with Group security policies.
It is the responsibility of the Local Company Chief Executive Officer to ensure that the approach outlined within this framework is implemented.

