Cybersecurity
All the cybersecurity actions we develop and deploy enable us to ensure service continuity.
In line with our corporate strategy, we work to minimize the risks of cyberattacks that could affect our operations and safeguard the security and integrity of all our assets. All the actions we develop and deploy in terms of cybersecurity allow us to guarantee continuity of service.
To manage this issue, we have various elements that make up our management framework at Celsia. In this context, we highlight the following practices, processes, instances and procedures:


We implement our strategy through a management model built on industry best practices:
- ISO 27000 standards, NIST Cyber Security Framework standard, IEC 62443, and NERC CIP.
- Accountability Guidelines for the processing of personal data issued by the Superintendence of Industry and Commerce.
- Cybersecurity Guide issued by the National Operation Council for the Colombian electricity sector under Agreement 1502.
- Cybersecurity Governance Model: An interdisciplinary committee coordinated by the Cybersecurity Leader ensures compliance with information security, personal data processing, and cybersecurity policies and guidelines.
We have a Cybersecurity and Technology Observability Center (CCOT), a Cybersecurity Committee, and a Technology Risk Committee.
We perform 24/7/365 monitoring from the Cybersecurity and Technology Observability Center (CCOT) of databases containing personal information, critical cyber assets, and ICT infrastructure.
Through ethical hacking and with the support of cybersecurity tools, we carry out ongoing vulnerability management, reported by the Cybersecurity and Technology Observability Center (CCOT). The results, scope, and associated corrective actions are reviewed mont.
We participate in various inter-institutional forums led from Colombia:
- Cybersecurity Committee of the National Operation Council.
- Cybersecurity Committee of the Regional Integration Commission (CIER).
- Computer Security Incident Response Team (CSIRT).
- Forum of Incident Response and Security Teams (FIRST).
- Colombia Inteligente.
- Critical Infrastructure Committee of the Ministry of ICT.
- Mining and Energy Planning Unit (UPME).
- Risk Committee of Grupo Argos.
- ICONTEC standardization working groups for NTC 6079.
We manage the risk of a cyberattack through a cybersecurity/information security management program that includes:
- Identification of information assets.
- Defense-in-depth for information asset protection.
- Protection of databases containing personal data.
- Cyber intelligence to identify risk exposure on the internet.
- Incident response orchestration to improve readiness against cyberattacks.
- Support for projects, applying the principle of security by design.
- 24/7/365 monitoring from the Cybersecurity and Technology Observability Center (CCOT).
- Cybersecurity plans for critical assets such as substations, wind, solar, and hydro plants.
- Automatic inventory of critical cyber assets, including identification of vulnerabilities, threats, and risk levels.
- Access control for Intelligent Electronic Devices (IEDs).
- Perimeter security for the protection of critical cyber assets.
- Social engineering campaigns to assess employee awareness and behavior regarding cyber risk.
- Escalation process for employees to report incidents, vulnerabilities, or suspicious activities.
- Supply chain risk management plan.
- Incident response plan for critical cyber assets.
- Disaster recovery plan for the commercial system, measurement management center, and advanced distribution management system.
- Internal audits of IT infrastructure management and/or the information security management system.
- Independent audit of the cybersecurity management system to verify compliance with the implementation agreement of the cybersecurity guide from the National Operation Council.
- Cybersecurity dashboard with indicators to disclose incidents with economic or reputational impact on the company.
Cybersecurity governance
The Board of Directors and the Steering Committee are actively involved in defining, monitoring and reviewing the cybersecurity strategy.
In accordance with the Code of Good Governance, the Board of Directors has defined an Audit, Finance and Risk Committee in which Eduardo Pizano, José Manuel Restrepo and Andrés Escobar, from the Board of Directors, participate, in addition to other members of the Steering Committee and the Audit area.
The responsibilities of this committee, which meets every three months or whenever a situation requires it, are to review and evaluate risk management and to propose the improvements it deems necessary for the configuration of a risk profile, in accordance with the strategic objectives of the organization.
Considering that cybersecurity is one of the main risks we face at Celsia, the committee supervises the work carried out by management to implement the strategy formulated by the Cybersecurity leader. The Technology leader is responsible for presenting the cybersecurity program and its progress to the Steering Committee.