Security & Compliance

Lumen continuously strives to implement world-class security and risk management programs to protect our data, people, brand, and shareholders, and maintain security processes and industry accepted standards, regulations and certifications that protect our customers, products, and data. We are a trusted partner and advisor with a risk-based focus to support business growth while consistently exceeding our customers’ needs and expectations.

Compliant Products and Services

Lumen maintains a suite of the latest industry standards that ensures compliance and security are built into all of the products and services Lumen has to offer. Lumen trains and provides core security awareness that encourages our employees to act in the best defense of any Lumen cybersecurity risks.

Operational Security

By implementing operational best security practices, administrative security, framework, risk management and knowledge management practices, Lumen has developed an effective overall cybersecurity program for security and compliance. Lumen focuses on all aspects of security operations automation, vendor risk management, remote workforce risk management and a mature insider threat program. Lumen is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business Continuity Management program supports an environment of prevention, collaboration, communication, response and recovery, ultimately ensuring our ability to serve customers, shareholders and employees in the face of disruptive events.

Compliance and Audit

Lumen knows that maintaining proper security and compliance programs is critical to supporting and protecting our customers, meeting their compliance requirements, and gaining their trust. We partner with external auditors to perform an assortment of annual assessments that meet industry and regulatory requirements. Lumen provides our customers with confidence in our security through attestations and certifications that meet stringent security and regulatory requirements.

Vulnerability Disclosure Program

Lumen greatly appreciates you informing us about security issues you discover. We take vulnerability disclosures very seriously and have an official Vulnerability Disclosure Program. We work with security researchers in good faith to secure Lumen’s systems. Because Lumen is an ISP and cloud provider, it can be difficult to distinguish between Lumen owned addresses and our millions of public IP addresses that we have allocated to customers. Though we develop and maintain other internet-accessible systems and services, we ask that active research and testing only be conducted on Lumen systems (including those of its affiliate companies such as CenturyLink and Quantum Fiber).


Please review our Vulnerability Disclosure Policy and submit the form below.