Privacy and Security Assessment process

The Privacy and Security Assessment process (PSA process) is a core element in safeguarding security and data privacy at Deutsche Telekom.

Data privacy and security are continuing to grow in significance. This fact is illustrated by the rapid rise in politically and criminally motivated cyber attacks. Around the world, individuals, organizations, and corporations, such as Deutsche Telekom, are being targeted. Data privacy and security are particularly pivotal for Deutsche Telekom, since our services are based on our customers' trust in security.

Deutsche Telekom recognized the resulting challenges at an early stage and responded by developing and introducing a tailored solution: the Privacy and Security Assessment (PSA).

The PSA process guarantees that all development projects meet the strictest technical security and data privacy requirements.

The PSA process has the following goals:

  • A consistent and adequately high security and data privacy level in all products, systems and platforms.
  • An integrated and standardized process for technical security and data privacy as a deeply rooted element of product and system development processes.
  • A support level adapted to project complexity and criticality through the introduction of categorization at the start of each development project.

Small steps for a project, one giant leap for data privacy and security

The PSA process is characterized by simplicity and clarity. Reducing it to the essential steps supports efficiency and its complete use across all relevant projects of the Deutsche Telekom group.

The first step is categorizing the project, which identifies its security relevance. This is necessary for prioritization because of the large number of IT and NT projects that the Deutsche Telekom AG group executes every year.

The other steps of the PSA process are directly linked to the individual phases of the particular project.

A first important step is identifying the relevant privacy and security requirements. The requirements are compiled by Deutsche Telekom's security and privacy experts on the basis of vendor specifications and industry standards as well as valid laws and regulations. They are aligned and enforced group-wide. The next step of the PSA process is implementing, testing and documenting the requirements. For requirements that cannot be implemented, an automatic risk assessment is performed on the basis of the protection need of the individual system. If necessary, an action plan is prepared together with the project team.

For all relevant projects and systems, the PSA process guarantees that the group's security and privacy standards are implemented and that security and privacy experts give their approval before the systems are brought into service.

Security requirements can be downloaded here (zip, 3.5 MB).