Licensing and Certification

Licensing

Company licensed by the National Authority of Communications, ANACOM

Fixed Telephone Service Provider – License ICP-06 SFT/2001

Operator of Public Networks on National Territory – License ICP-09 RPT/2001

Data Transmission Services and Internet Service Provider – Registration ICP-005/2001

Voice-over Internet Service Provider (VoIP) of nomadic use - Declaration ICP-ANACOM no. 09/2009)

Operator authorised to operate the GSM-R System

6/12

Certification

ISO/IEC 27001 Certification

IP Telecom is certified with the ISO/IEC 27001 Certificate of Conformity.


 

The certification concerns the Information Management Security System* of the company’s operational and application processes which support, among others, the Cloud Computing Services, Housing of Racks in Data Processing Centers (CPD) and Hosting of Applications which IP Telecom provides to the market.

As confirmed by the respective Declaration of Applicability, the ISO/IEC 27001 certification is a distinctive qualitative element of the services provided by a company, with special incidence on the services provided by IP Telecom in its Data Processing Centres (CPD) in Lisbon, OPorto and Viseu.

6/12

Information Security Policy

IP Telecom is equipped with an Information Security Management System (SGSI) which translated into the award of the ISO/IEC 27001 Certificate of Conformity.

This System covers the most critical processes, namely the Cloud Computing services, Housing of Racks in Data Processing Centres (CPD) and the Hosting of Applications which IP Telecom provides to the market and which are available in the Datacenters of Lisbon, OPorto and Viseu.

IP Telecom’s Information Security is defined by control mechanisms that suit its needs and reality and which are checked and audited throughout the year by competent entities focused on guaranteeing its confidentiality, integrity and availability. 

The objective of IP Telecom’s Information Security Management System (SGSI) is to guarantee the protection of its information assets, the continuity of its business and the mitigation of its risks, preventing security incidents and reducing their potential impact.

IP Telecom follows an Information Security Policy, aimed at its efficiency, and commits to:

·         Protect information assets against all unauthorized access;

·         Maintain the confidentiality, integrity and availability of information;

·         Comply with legal, legislative, regulatory and contractual requirements applicable;

·         Define, maintain and test Business Continuity Plans;

·         Value employees through training and raise awareness in information security;

·         Report and investigate all incidents related to information security;

·         Guarantee that the Information Security Policy is in line with the risk management strategy defined in the SGSI;

·         Guarantee that all teams are committed to the compliance of the Information Security Policy;

·         Disclose the Information Security Policy to Clients, Suppliers, Partners and Employees;

·         Assess the execution of the Information Security Policy and, within the purpose of continuous improvement, ensure its annual revision, or whenever alterations are deemed necessary.

 

The risk assessment criterion used in the methodology for calculating the risk defined in the SGSI is based on the value of the asset for the business, on the impact of the event on the confidentiality, integrity and availability of the information and on the probability of its occurrence.

The Information Security Policy is supported by other policies and other SGSI documents, including policies for the use of resources, user management and access.

The Information Security Policy must be complied with.