TRUPHONE SECURITY
Discover how Truphone's systems adhere to industry-standard security protocols.
Truphone internal application development is supported by guidance during software development life cycle (SDLC) and by following base security principals like confidentiality, integrity and availability. Our development is reviewed and evaluated according to OWASP Top 10 Web Vulnerabilities. Truphone critical applications are constantly being assessed against known vulnerabilities with automatic tools and manual intrusion tests.
Truphone suppliers are selected based on the quality services and security guarantees provided, and those are required to be aligned with Truphone standards and vision. Our suppliers are periodically assessed and monitored according to the quality KPIs and SLAs established between the parts.
Our infrastructure is composed by facilities, systems, sites, information, people, networks and processes. All of them is rely on strong measures and security practices. These measures allow Truphone to be focused on assure availability, integrity and availability on the services delivered to our customers. The implemented security measures follow CIS Top 20 and are aligned with ISO/IEC 27001:2013 security controls.
Truphone has created a Computer Security Incident Response Team (CSIRT) that responds and proactively monitors information security incidents. Our CSIRT is an accredited member of the Portuguese National CSIRT Network.
ISO 27001 Certification was achieved by Truphone on 2013, and since then we are fully dedicated on the continual improvement of our ISMS according to the standard, and following the technology security expansion. Periodically our people, policies, processes and systems are reviewed and audited by external evaluators, which attest our compliance for the certification purpose.
Truphone is one of the few companies in the world certified with the GSMA SAS. This certification allows us to remotely allocate subscription credentials into devices, without compromising security. The certification process follows a strong and hard security requirements implementation, which are frequently verified by the Certification Body.
The UK Government – through the National Cyber Security Centre – requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme. Truphone is now a Cyber Essentials Plus certified organisation, thus providing the assurance that all criteria for external services, corporate operating system images, and cyber controls are in place to protect our customers' information.
Truphone has its core systems and applications hosted in several secure and certified data centres across the World. Our hosting data centres are multi-layered in operational and security controls, following all requirements for Tier 3 Certification.
Our hosting data centres have been accredited under the most demanding and relevant security standards, such as ISO 27001, ISO 22301, SOC 1, SOC 2, SOC 3, PCI and FIPS 140-2. Additionally, Truphone has built private cages within the hosting data centres to further protect our customer’s information, which meet the highest demands for physical security.
Truphone is contributing to ARCADIAN-IoT, working with leading universities, IoT partners and cybersecurity specialists to develop an advanced security, trust and privacy framework for IoT systems. ARCADIAN-IoT is being supported by the European Commission's Horizon 2020. For more information visit https://www.arcadian-iot.eu/the-project/.
And to see the answers to some of the top questions about this important IoT initiative and our part in making it a reality, just click below.
GDPR
At Truphone we are committed to the privacy and securing of the data we hold about you. Truphone is very serious on complying with the General Data Protection Regulation (GDPR), meaning that your customers data is processed lawfully, fairly and in a transparent manner. You can request your Individual Right to be executed by emailing your request to [email protected].