How does MyOperator safeguard customer data and comply with ISO/IEC 27001:2013?
Quick answer
MyOperator protects the confidentiality, integrity, and availability of all service data through an ISO/IEC 27001:2013–certified Information Security Management System (ISMS). Controls include AWS-hosted infrastructure with VPC isolation, 128-bit-encrypted SSL traffic, SiteLock malware scanning, intrusion-detection tools, annual employee security training, and a formal responsible-disclosure program for researchers.
When should I use this guide?
Share this article with security, procurement, or compliance teams that need a single reference on MyOperator’s certifications, technical safeguards, and vulnerability-reporting process.
1. Security philosophy & scope
MyOperator’s foremost commitment is to safeguard confidentiality, integrity, service availability, and the data clients entrust to us—whether stored, processed, or transmitted through our services.
2. ISO/IEC 27001:2013 certification highlights
MyOperator maintains Information Security Policies and Procedures that are reviewed and audited yearly against ISO/IEC 27001:2013. Certification demonstrates:
- Commitment to information security
- Formal risk-management controls
- Legal and regulatory compliance
- Continual improvement of the ISMS
- Globally recognised third-party assurance
3. Employee training & incident response
- Annual information-security training and awareness programs for every employee keep the workforce up-to-date on modern threats.
- Comprehensive procedures exist for reporting, tracking, investigating, communicating, and remediating security incidents, enabling swift response and minimal impact.
4. Technical safeguards
Measure | Details |
|---|---|
Amazon Web Services (AWS) | Robust cloud infrastructure supports strong security protocols. |
Amazon Virtual Private Cloud (VPC) | All data resides on servers inside a restricted VPC; external access is blocked. Encrypted data is virtually impossible to decrypt, even if it is accessed. |
SSL certificates | 128-bit encryption secures every client ↔ server session; HTTPS rollout covers all MyOperator app pages. |
SiteLock malware scanner | Continuous website scanning blocks malicious scripts, session hijacking, and cookie-stealing attacks. |
Other tools & techniques | Rigorous code reviews, intrusion-detection/prevention tools with auto-alerts, and IP whitelisting via firewalls prevent unauthorised access. |
5. Responsible Disclosure Policy
MyOperator invites security researchers to report vulnerabilities under clear guidelines:
Authorization
- Good-faith research within this policy is authorised. MyOperator will not pursue legal action and will acknowledge the value of such research.
Policy guidelines
- Notify MyOperator promptly after discovering an issue.
- Avoid privacy violations, production disruption, or data destruction.
- Exploit only enough to confirm a vulnerability; do not exfiltrate data.
- Allow reasonable time for remediation and keep details confidential until resolved.
- Stop testing and report immediately if sensitive data is encountered.
6. Actions outside policy scope
The above assurances do not apply if:
- A researcher exploits or discloses data beyond confirming a vulnerability.
- Testing degrades user experience, disrupts production systems, or manipulates data.
- Vulnerability details are published before MyOperator resolves the issue.
Keywords: MyOperator security, ISO 27001, AWS VPC, SSL encryption, SiteLock, responsible disclosure
Updated on: 04/02/2026