Sustainability Accounting Standards Board (SASB)
The Sustainability Accounting Standards Board (SASB) provides a collection of industry-specific standards to help measure and communicate performance on environmental, social and corporate governance (ESG) topics.
Inclusion of information in this index should not be construed as a characterization of the financial materiality or impact of that information. Please see our corporate Annual Report or Form 10-K for the year ended December 31, 2021 and other publicly-filed documents available at https://investors.att.com/.
In July 2021, we completed a transaction with TPG Capital involving our North America video business – including DIRECTV, AT&T TV and U-verse – to form a new company called DIRECTV. In November 2021, we completed the sale of our Latin America video operations, Vrio, to Grupo Werthein. In April 2022, we completed a transaction to combine our WarnerMedia segment, subject to certain exceptions, with a subsidiary of Discovery Inc. In June 2022, we completed the sale of the programmatic advertising marketplace component of Xandr Inc. to Microsoft.
|SASB Code(s)||SASB Requested Metric(s)||AT&T Response|
Total N. America wireless customers: 222.153 million
Total voice connections: 9.510 million
|TC-TL-000.C||Broadband subscribers||Global broadband subscribers: 15.504 million. Please see our Q4 2021 Earnings Statement.|
||In Q4 2021, our advanced network carried more than 484 petabytes of traffic on an average business day. AT&T is not able to provide further breakdown of this data as requested, as it is proprietary and confidential. For more information, please see our Network Quality & Reliability issue brief.|
Number of customers whose information is used for secondary purposes
||AT&T is not able to provide this data, as it is proprietary and confidential.|
|TC-TL-220a.3||Total amount of monetary losses as a result of legal proceedings associated with customer privacy||AT&T is not able to provide this data, as it is proprietary and confidential.|
Number of law enforcement requests for customer information:
||Like all companies, we are required by law to provide information to government and law enforcement entities, as well as parties to civil lawsuits, by complying with court orders, subpoenas, lawful discovery requests and other legal requirements. Twice a year, we issue a Transparency Report listing (1) specific data regarding the number and types of legal demands to which we responded for the prior 6 months that compelled AT&T to provide information about (a) communications or (b) our customers, as well as (2) information permitted by law to be disclosed about Foreign Intelligence Surveillance Act demands. The Transparency Report also provides information about legal demands that were partially or completely rejected, and for which no data was provided. AT&T does not currently disclose the number of individual customers whose records were requested.|
Number of data breaches:
||AT&T is not able to provide information on data security breaches, as it is proprietary and confidential. While we work hard to safeguard the privacy of consumer and employee information, there are occasions when unauthorized parties attempt to gain access to our consumers’ or employees’ information. In partnership with stakeholders such as the AT&T Chief Security Office, our Corporate Compliance Office provides oversight of privacy and security incidents, including periodic testing of incident response plans. The AT&T Incident Response team follows a carefully designed governance structure and response process for these incidents, investigating suspected breaches and evaluating their potential impact. If we determine that a data breach has occurred, we notify affected consumers and authorities as required by applicable law. For more information on our data protection and security practices, please see the AT&T Privacy Center website and our Privacy or Network & Data Security issue brief.|
|TC-TL-230a.2||Description of approach to identifying and addressing data security risks, including use of third-party cybersecurity standards||AT&T has developed and maintains the AT&T Security Policy and Requirements (ASPR), a comprehensive set of security control standards based, in part, on leading industry standards such as ISO/IEC 27001:2013. ASPR also aligns with laws and standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST 800-53, as well as the European Union’s General Data Protection Regulation (GDPR), Criminal Justice Information Services (CJIS) Security Policy, and the California Consumer Privacy Act (CCPA). AT&T also performs annual third-party certifications/audits – such as those for the Payment Card Industry (PCI) Data Security Standard, the Information Security Standard (ISO/IEC 27001), Sarbanes-Oxley Act (SOX) and SSAE 18/ISAE 3402 (SOC) and the Quality Management Standard (ISO 9001)* – to demonstrate compliance to our customers and our stakeholders. AT&T maintains two global ISO/IEC 27001:2013 certifications. The scope of these certifications covers the AT&T global IP infrastructure and certain customer-facing products and services. * ISO 9001 certification is applicable in the following areas within AT&T: Network Operations, Supply Chain, and Government Solutions. Visit our Network & Data Security Issue Brief.|
Materials recovered through take back programs, percentage of recovered materials that were:
Materials from take-back programs:
|TC-TL-520a.1||Total amount of monetary losses as a result of legal proceedings associated with anti-competitive behavior regulations||For the fiscal year 2021, AT&T had no material losses related to litigation or to non-appealable regulatory decisions involving anti-competitive behavior.|
Average actual sustained download speed of:
||AT&T does not favor certain websites or internet applications by blocking or throttling lawful internet traffic on the basis of content, application, service, user or use of nonharmful devices on its broadband internet access services. In the provisioning of broadband internet access services, AT&T does not directly or indirectly favor some traffic over other traffic in exchange for consideration from a third party or to benefit an affiliate, except to address the needs of emergency communications, law enforcement, public safety (including FirstNet), or national security authorities, consistent with or as permitted by applicable law. For more information on our approach to network traffic management, see the AT&T Broadband Information: Network Practices webpage. For information on the expected and actual performance of our wireline and mobility network services, see the AT&T Broadband Information: Performance Characteristics webpage.|
|TC-TL-520a.3||Description of risks and opportunities associated with net neutrality, paid peering, zero rating, and related practices||For information on these topics, see AT&T’s public policy statements about net neutrality and network-to-network connections on the AT&T Public Policy Blog, and the AT&T Global IP Network Peering Policy.|
|TC-TL-550a.2||Discussion of systems to provide unimpeded service during service interruptions||At AT&T, we design our network and operations to be resilient – so we’re prepared to provide essential communications and data connectivity for our customers and communities, even before disaster strikes. Our global team of certified and experienced business continuity experts, led by our President – Network Engineering and Operations, works to maintain operations of key business processes by utilizing documented business continuity strategies, plans and procedures that are updated and exercised on an annual basis, or more frequently as business conditions require. Regular reports on our business continuity efforts are shared with the Audit Committee of the AT&T Board of Directors. The AT&T Business Continuity Management Program is certified to the international business continuity standard, ISO 22301:2012. It is also aligned with the Disaster Recovery Institute International (DRII) Professional Practices, Business Continuity Institute Good Practice Guidelines, Department of Homeland Security National Incident Management System and ISO 31000. Our alignment with these standards demonstrates our ability to resume business operations and deliver customer service in the vital hours and days after a disaster. Our systems collect billions of service-assurance measurements across our wired and wireless network every hour and make adjustments as needed to improve service. We aggregate and analyze this data in near real-time to derive insights that help manage our network, improve performance and deliver the best possible customer experience. To learn about our network management policies, see our Network Practices. If disruption occurs, network technicians – and if needed, our Network Disaster Recovery personnel and fleet – are deployed to rapidly restore communications to affected areas.
For additional details on our managerial approach, please see our Business Continuity, Longevity & Innovation and Network Quality & Reliability issue briefs.|