Vodafone 2015 Annual Report Download - page 35
Download and view the complete annual report
Please find page 35 of the 2015 Vodafone annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25 -
26 -
27 -
28 -
29 -
30 -
31 -
32 -
33 -
34 -
35 -
36 -
37 -
38 -
39 -
40 -
41 -
42 -
43 -
44 -
45 -
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
 |
 |
Operational risk
1. Malicious attack on the network/IT infrastructure
Risk description Assessment Mitigation
A successful cyber-attack
on our network could result
in us not being able to deliver
service to our customers,
resulting in serious damage
to our reputation, consequential
customer and revenue loss and
the risk of nancial penalties.
This risk is possible in all markets
in which we operate and has
the potential for signicant
impact. Certain systems operate
at a Group level and as such,
a single attack on one of these
systems has the potential
to impact multiple markets
simultaneously, further
magnifying the impact.
This risk has been separated from
non-malicious network failure
to recognise the greater cross-
market impact a malicious attack
could have on the business.
a We have a well-established global security community; with our Group security function
working closely with our local market security teams
a We work closely with a variety of security communities of interest which include relevant
government bodies, commercial groups, suppliers and enterprise customers
a We are continually assessing our security policies, standards and procedures and adjusting
them so they are commensurate to the threat prole we face. These assessments are used
to create a focused security investment programme that ensures that the required security
controls are in place and are effective
a Each year we run security programmes to identify and deliver additional activities with the
aim of further strengthening our control environment. Our aim is to ensure that our critical
infrastructure is enhanced to reduce the likelihood of unauthorised access and to reduce the
impact of any successful attack
a We manage the risk of malicious attacks on our infrastructure using our global security
operations centre that provides 24/7 proactive monitoring of our global infrastructure
a We have multiple layers of assurance in place. Our activities include regular
technical assurance and audit activities including vulnerability scanning and ethical
hacking programmes
Operational risk
2. Customer data misuse or leakage
Risk description Assessment Mitigation
Our networks carry and store
large volumes of condential
personal and business voice
trafc and data. Failure to protect
or correctly use this data
could result in unintentional
loss of, or unauthorised
access to, customer data.
This could adversely affect our
reputation and potentially lead
to legal action.
This risk is possible in all markets
in which we operate. The impacts
of this risk have the potential
to be major in mature markets
with robust data protection
regulations covering personal
information, voice trafc and data.
Furthermore, we generally hold
a greater volume of condential
personal information in our
mature markets, due to the
higher proportion of customers
paying their bills by automated
bank transfer or credit card.
a We have a data privacy programme aimed at ensuring we use data in our possession
appropriately. The programme is based on existing regulations and internationally
recognised standards
a We closely monitor the data privacy regulatory environment in relevant markets and
implement changes to our processes and procedures as appropriate
a Both the hardware and software applications which hold or transmit condential personal and
business voice and data trafc include appropriate security features
a Security related reviews are conducted according to our policies and security standards,
focused on the highest risk applications and processes
a Our data centres are managed to international information security standards
a Security governance and compliance is managed and monitored through software tools that
are deployed to all local markets
a We have an ongoing awareness communications campaign in place that includes providing
security and privacy awareness training to all Vodafone employees, prior to granting access
to customer data
a We have an assurance programme in place that incorporates both internal reviews and reviews
of third parties that hold data on our behalf
a We are implementing data access management tools to monitor any unauthorised access and
leakage of our condential data
Relative movement within Group principal risks:
Increased
Relative movement within Group principal risks:
Increased
Overview Strategy review Performance Governance Financials Additional information Vodafone Group Plc
Annual Report 2015
33