|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Risk
and Management
In connection with risk and vulnerability management, we engage third parties with cybersecurity expertise to identify, address, and mitigate cybersecurity risks. With the assistance of these third parties, we conduct penetration testing and assess existing threat actors, addressing identified vulnerabilities, within established mitigation deadlines.
We have implemented a cybersecurity management system based on our Cyber & ICT Security organizational structure (“ICT” referring to information and communication technology), as outlined below. This system involves direct oversight and reporting to our C-level Business Support Officer (BSO), who, in turn, reports to our CEO. Our ICT risk management activities encompass processes for identifying, addressing, and assessing solutions for cybersecurity risks, monitoring the security of public telecommunications networks, data centers and business networks; managing security incidents with a focus on cyber security threat; and overseeing business continuity and crisis management efforts.
The organizational structure of our Cyber & ICT Security system is detailed below:
Our organizational structure for managing cybersecurity risks comprises the following activities and processes:
Cybersecurity Expertise
Our Cyber & ICT Security team consists of highly qualified professionals with extensive experience in Information Security and the telecommunications sector. The Cyber & ICT Security officer and direct staff have over 20 years of expertise in information technology, corporate security, information security, and business continuity, leveraging prior experience to lead our cybersecurity initiatives and mitigate cyber risks effectively.
Compliance and Cybersecurity Frameworks
Our Cyber & ICT Security processes align with internationally recognized standards, including ISO 27001, which outlines best practices for information security management, as well as CIS8 (Internet Security Center) and NIST (Cyber security Framework), which provide controls to manage and reduce cybersecurity risk. We have established a cybersecurity policy that sets strategic risk control guidelines, defines security responsibilities and establishes requirements for employees, suppliers, and business partners, regarding the secure handling of information, including personal and sensitive data, and related ICT assets. We obtained ISO 27001 certification in 2022 and successfully completed ISO 27001 recertifications in August 2023 and September 2024.
|Cybersecurity Risk Management Processes Integrated [Flag]
|false
|Cybersecurity Risk Management Processes Integrated [Text Block]
|With the assistance of these third parties, we conduct penetration testing and assess existing threat actors, addressing identified vulnerabilities, within established mitigation deadlines.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Vulnerability Management and Threat Mitigation
We maintain a dedicated vulnerability management team responsible for coordinating and prioritizing actions to mitigate identified vulnerabilities. To complement this effort, we engage, external cybersecurity experts to conduct comprehensive penetration tests, assessing the effectiveness of our defenses and identifying areas for improvement. Additionally, we operate a bug bounty program, that incentivizes independent researchers and ethical hackers to report vulnerabilities in our systems, further strengthening our security posture. All identified, vulnerabilities whether through external partners or the bug bounty program, are assessed and prioritized by our team, which develops and implements mitigation strategies for the most critical issues, ensuring the continuous protection of our ICT assets and resilience against cyber threats.
Incident Management and Regulatory Compliance
We have a structured cyber incident management process, to address security events and incidents, including those that may impact our services. This process includes evaluating and monitoring risks associated with partners and suppliers, with third-party engagement governed by contractual requirements. Additionally, we maintain reporting processes in compliance with ANATEL regulations, which are triggered based on predefined thresholds, considering the highly regulated nature of telecommunications sector.
In 2024, we did not experience any significant cybersecurity incidents that impacted our business strategy, operational results or financial condition, nor did we trigger any ANATEL reporting requirements.
Board Oversight and Strategic Cyber Risk Management
Our Board of Directors reviews cybersecurity risks annually and receives a presentation from our Cyber & ICT Security function, outlining key initiatives, risk control measures, and mitigation strategies. In 2024, the Board was presented with an overview of cybersecurity risks and monitored our progress in addressing key opportunities for improvement.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|We maintain a dedicated vulnerability management team responsible for coordinating and prioritizing actions to mitigate identified vulnerabilities.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|To complement this effort, we engage, external cybersecurity experts to conduct comprehensive penetration tests, assessing the effectiveness of our defenses and identifying areas for improvement.
|Cybersecurity Risk Role of Management [Text Block]
|We have a structured cyber incident management process, to address security events and incidents, including those that may impact our services.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Board of Directors reviews cybersecurity risks annually and receives a presentation from our Cyber & ICT Security function, outlining key initiatives, risk control measures, and mitigation strategies.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Cyber & ICT Security team consists of highly qualified professionals with extensive experience in Information Security and the telecommunications sector. The Cyber & ICT Security officer and direct staff have over 20 years of expertise in information technology, corporate security, information security, and business continuity, leveraging prior experience to lead our cybersecurity initiatives and mitigate cyber risks effectively.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|the Board was presented with an overview of cybersecurity risks and monitored our progress in addressing key opportunities for improvement.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef