A working group identifies, analyses and addresses stakeholders' concerns and wishes and (potential) issues, risks and opportunities. The most important stakeholders have been identified and grouped (see Stakeholder overview). For each stakeholder group we have worked out the key themes in relation to which they have expectations of us and the points they regard as issues. We examine internally for each theme the extent to which these issues apply to us and where there is a discrepancy between what stakeholders expect and what we are supplying or doing. By analysing and tackling this as systematically as possible, we prioritise our activities based on what is relevant for the environment in which we operate. We then inform our stakeholders of developments and improvements using various channels, including the website, press releases, individual discussions, the corporate blog, this integrated report and the sustainability newsletter, which is published four times a year. Once every six to eight weeks relevant developments in relation to stakeholders and the themes relevant for them are discussed in a steering group comprising the CEO, CFO and the Director of Corporate Affairs & Strategy, supplemented by other members of the Board of Directors depending on the agenda.
Effective issue, risk and crisis management
Issue management is a natural extension of stakeholder management. It is mainly about identifying issues in good time and ensuring that they are resolved. Effective risk management enables us to identify hidden risks that are not self-evident in our day-to-day operations and to mitigate these risks by taking action. In 2010 we started employing a structured approach to risk management. Our approach is based on the COSO Enterprise Risk Management system. This supports us with risk evaluation, risk monitoring for risks that regularly arise within the company, and the monitoring of and reporting on procedures and systems. A steering group advises the risk management committee, which is made up of members of the Board of Directors, on the key risks and the measures that need to be taken to mitigate or eliminate these risks. In addition to Risk Management, Vodafone also introduced Business Continuity Management in September 2012. This involves organising processes in such a way that disasters and setbacks, such as fires, flooding and major power failures, are identified quickly and managed to allow the situation to be rectified quickly. Everything revolves around making sure that we can continue to provide our services, even in the most difficult of circumstances. Vodafone has a strategy for dealing with unforeseen, far-reaching events. Senior and middle management receive annual training in the area of crisis management. The communication department conducts crisis communication exercises on a regular basis. See the risk analysis in the How we create value section.
At Vodafone Netherlands two departments are responsible for managing information security: Corporate Security and Technical Security. Corporate Security is headed by the Director of the Corporate Affairs & Strategy business unit. This department is responsible for physical security, the lawful interception of telecommunications traffic, compliance with our retention obligation, the combating and prevention of fraud, and examination of and compliance with our security policy. Technical Security is part of the Technology business unit and is headed by the Chief Technology Security Officer, who reports to the Chief Technical Officer. This department is responsible for the technical controls relating to the mobile and fixed network, the systems supporting the IT infrastructure and the associated processes. We participate in various consultation structures aimed at improving digital security, including Telecom ISAC, the National Cyber Security Centre (NCSC), the National Coordinator for Counterterrorism and Security (NCTV) and the Platform Internetveiligheid [Internet Security Platform] of ECP.
The management of information security is structured by means of three processes:
- The incident management process ensures structured incident reports are produced and adequate follow-up takes place.
- The service level management process ensures that security requirements are recorded in all service level agreements (SLAs) that underlie contracts, in accordance with legislation and internal or external policy.
- The change management process ensures that the security requirements are taken into account when changes are made to the infrastructure and that the basic security level is not adversely affected by changes.
The policy covers, amongst other things, security incident management and reporting, access and changes to the production system standard, physical transport of information and assets, network security, remote access, measures to combat malware, information security of third parties, the data deletion standard, encryption implementation, identification, authentication and authorisation. Vodafone Netherlands is assessed annually in relation to this policy by internal and external organisations. In the event of non-compliance or of gaps being identified, a mitigation plan is drawn up and implemented.
Purchasing for all Vodafone subsidiaries, including Vodafone Netherlands, is largely carried out by Vodafone Group Plc. Vodafone Group Plc has 45,000 suppliers, while Vodafone Netherlands has over 3,000. Vodafone employs the same ethical purchasing code globally, which includes requirements relating to people and the environment. This code states that suppliers must also encourage their own suppliers and subcontractors to work in accordance with the code. The code forms part of the purchasing contract. This table shows the three categories of suppliers which supply products and services to us.
The Vodafone Group is an active member of the Global e-Sustainability Initiative (GeSI), a multi-stakeholder organisation that promotes international collaboration in the area of sustainable development. In addition, Vodafone Netherlands endeavours to promote responsible chain management via VNO-NCW and Nederland ICT. More information on the Vodafone Group's reporting can be found at the Vodafone website.
|Category||Telecom providers||Handset suppliers||Other|
|Place of origin||International||China, South-East Asia||Mainly the Netherlands|
|Products/services||Services in the form of network connections for roaming and interconnect||Mobile phones and tablets||Services, hardware, software|
|Suppliers||Dutch telecom providers: KPN and
T-mobile, Vodafone Group, international
|12 producers of mobile phones and tablets||Network development: Ericsson
Facility services: Facilicom
ICT: Amdocs, HP
Employment agency: Randstad
Marketing and communication: various offices