At MyOperator, our foremost commitment is to safeguard confidentiality, integrity, and the services we provide, as well as the service data entrusted to us by our clients. This includes information that is stored, processed, and transmitted as an integral part of the services we offer.
At MyOperator, we have established Information Security Policies and Procedures that are specifically designed for the necessary and relevant processes. These policies and procedures undergo annual reviews and audits to ensure their alignment with ISO/IEC 27001:2013 standards. This certification serves as evidence that MyOperator has successfully met the compliance requirements of the Information Security Management System ISO/IEC 27001:2013.
This certificate sets out the criteria for establishing, implementing, maintaining, and continually improving an organization's ISMS. If an organization has achieved certification under ISO/IEC 27001:2013, it demonstrates that they have implemented a comprehensive and systematic approach to managing information security risks.
Here are some key points that the certification demonstrates about MyOperator
Commitment to Information Security
MyOperator has shown its commitment to protecting the confidentiality, integrity, and availability of information by implementing security controls and measures.
MyOperator has identified and assessed information security risks and has implemented appropriate controls to mitigate or manage those risks effectively
Legal and Regulatory Compliance
MyOperator is aware of relevant legal and regulatory requirements concerning information security and has implemented measures to comply with them.
MyOperator has established processes to monitor, review, and continually improve the effectiveness of its information security management system
ISO/IEC 27001:2013 is an internationally recognized standard, and achieving certification provides assurance to customers, partners, and stakeholders that MyOperator has implemented appropriate information security controls
Overall, ISO/IEC 27001:2013 certification demonstrates that MyOperator takes information security seriously and has implemented a comprehensive framework to manage and protect sensitive information. It enhances trust and confidence in MyOperator's ability to handle information securely.
To enhance the overall security posture, we provide Information Security Training and awareness programs to our employees on an annual basis. This ensures that our workforce remains well-informed and up-to-date with the latest security practices and protocols.
Furthermore, we have implemented comprehensive procedures for reporting, tracking, investigating, communicating, and remediating security incidents. These procedures enable us to respond effectively and efficiently to any security breaches or incidents that may occur, ensuring swift resolution and minimizing potential impact.
MyOperator ensures high availability and security for our customers through the following measures
Amazon Web Services (AWS)
We leverage the robust infrastructure of Amazon's cloud services to provide exceptional availability and security.
- AWS offers a wide range of options to enhance security, including security groups, encrypted data storage, and secure access.
- By utilizing AWS, we eliminate the concerns associated with data theft often faced by local data centers, as AWS provides the necessary infrastructure to support stringent security protocols.
Amazon Virtual Private Cloud (VPC)
We have designed a well-structured architecture within the VPC framework, where access from the outside world (internet) is restricted.
- All data is stored on servers located within the VPC. This setup significantly reduces the risk of unauthorized access to stored data.
- Even in the unlikely event that someone manages to gain access, the encrypted data remains virtually impossible to decrypt.
SSL certificates play a crucial role in establishing secure communication between clients (web browsers) and servers.
- They ensure that all data transmitted from the server to your web browser or mobile app is encrypted using 128-bit encryption.
- This level of encryption prevents compromise by man-in-the-middle attacks, offering robust protection for your data. Soon, you will be able to access all MyOperator App pages via the secure HTTPS protocol.
SiteLock Malware Scanner
To ensure a safe browsing experience for our visitors, we employ the SiteLock malware scanner.
- This powerful tool continuously scans our website for malicious scripts, effectively safeguarding visitors from viruses and malware.
- By proactively preventing session hijacking and cookie stealing attacks, we maintain a secure environment for users.
Other Tools and Techniques
Data security is our utmost priority during the development of our product.
- Every module and functionality undergoes thorough checks and rigorous testing to identify and address any security flaws, information leakage, or unauthorized access control.
At the architectural level, we have implemented a range of tools for intrusion detection and prevention.
- These tools automatically generate alerts or block malicious activities, thereby mitigating the risks posed by hackers. Additionally, we employ IP whitelisting through firewalls to restrict unauthorized or suspicious access to our servers.
As a SaaS service provider, we understand the criticality of maintaining the security of every piece of information that enters our system.With over 10,000 customer accounts and growing, we assure each and every one of our customers that their data is safe and protected.
Responsible Disclosure Policy
MyOperator is deeply committed to ensuring the security of information stored, processed, or transmitted as part of our products and services used by our customers. In line with this commitment, we have established a security research policy that provides clear guidelines for conducting vulnerability discovery activities and outlines our preferred method for submitting discovered vulnerabilities.
This policy covers the systems and types of research that fall under its scope, outlines the process for reporting vulnerabilities, and explains our approach and timelines for addressing them. We strongly encourage security researchers to contact us to report any potential vulnerabilities they may uncover within our systems.
If you make a genuine effort to adhere to this policy while conducting security research, we will consider your activities authorized. We will collaborate with you to understand and promptly resolve any identified issues. MyOperator acknowledges and recognizes the value of your research and will not pursue or recommend legal action against you for activities conducted in accordance with this policy. In the event that a third party initiates legal action against you for actions performed within the scope of this policy, we will make it known that your activities were authorized.
Under this policy, "research" refers to activities in which you
- Notify us promptly after discovering a real or potential security issue.
- Make every effort to avoid privacy violations, user experience degradation, disruption to production systems, and data manipulation or destruction.
- Utilize exploits only to the extent necessary to confirm the existence of a vulnerability.
- Do not exploit vulnerabilities to compromise or exfiltrate data, establish persistent command line access, or pivot to other systems.
- Allow us a reasonable amount of time to address and resolve the identified issue.
- Refrain from submitting a large volume of low-quality reports.
- Cease testing and immediately notify us if you encounter sensitive data, such as personally identifiable information, financial information, or proprietary/trade secret information. Do not disclose this data to anyone else.
- Use the designated communication channel to report vulnerability information to us.
- Refrain from documenting or publicly publishing the details of the vulnerability, as it goes against our responsible disclosure policy.
- Maintain confidentiality regarding any identified vulnerabilities until the issue has been resolved.
10,000+ Businesses Activated
200 Million Calls Enabled
4.5 Google Rating
#1 Ranked in India's Cloud Telephony Leadership Matrix