Security policy
It is the policy of Vodafone Group Plc that the Group and each of its local operating companies are in compliance with ISO/IEC FDIS 27001:2005 (formerly ISO/IEC 17799 & BS 7799) Code of Practice and Specification for Information Security Management. This includes aspects of security related to risk assessment, security policy, organisation, physical and environmental security, asset management, HR (Personnel) security, communication and operation management, access control, information system acquisition development and maintenance, security incident management, specific Fraud Risk and Security topic standards and best practice (e.g. security screening, fraud management).
To comply, each local operating company must:
- Develop, maintain and implement appropriate local security policies and supporting procedures in agreement with national laws and standards
- Publish local security policies in the local section of the Vodafone intranet
- Implement an Information Security Management System (ISMS) appropriate for the business as defined in the Information Security Framework
- Apply appropriate measures to reduce security threats to an acceptable level, in compliance with Group security policies.
It is the responsibility of the CEO of each local operating company to ensure that the approach outlined within this framework is implemented.