Application security

Truphone internal application development is supported by guidance during the systems development life cycle (SDLC) and by following base security principals, including confidentiality, integrity and availability. Our development is reviewed and evaluated in accordance with OWASP Top 10 Web Vulnerabilities.

Application security

Third party security

Truphone suppliers are selected based on the quality services and security guarantees provided, and must be aligned with Truphone's own standards and vision. Our suppliers are periodically assessed and monitored according to quality KPIs and SLAs.

Third party security

Infrastructure security

Our infrastructure is composed of facilities, systems, sites, information, people, networks and processes. Each component is reliant on strong measures and security practices. This allows Truphone to insure integrity and availability in all services delivered to our customers. The implemented security measures follow CIS Top 20, and these are aligned with ISO/IEC 27001:2013, security controls.

Infrastructure security

Cyber Security Operations

Truphone has created a Computer Security Incident Response Team (CSIRT) that responds and proactively monitors information security incidents. Our CSIRT is an accredited member of the Portuguese National CSIRT Network.

ISO Logo

ISO 27001 Certification

ISO 27001 Certification was achieved by Truphone on 2013, and since then we are fully dedicated on the continual improvement of our ISMS according to the standard, and following the technology security expansion. Periodically our people, policies, processes and systems are reviewed and audited by external evaluators, which attest our compliance for the certification purpose.


GSMA SAS Certification

Truphone is one of the few companies in the world certified with the GSMA SAS. This certification allows us to remotely allocate subscription credentials into devices, without compromise security. The certification process follows a strong and hard security requirements implementation, which are frequently verified by the Certification Body.

Cyber Essentials Plus

UK Cyber Essentials Plus

Truphone is now a Cyber Essentials Plus certified organisation, thus providing the assurance that all criteria for external services, corporate operating system images, and cyber controls are in place to protect our customers' information. Through this accreditation, Truphone reiterates its commitment to protecting personal customer information above all else—demonstrating that we’re not only a global leader in telecoms technology, but also customer safety.

Data Center Compliance

Truphone's core systems and applications are hosted in several secure and certified data centres across the globe. These data centres are layered with operational and security controls, following all requirements for Tier 3 Certification.

Our data centres have been accredited under the most demanding and relevant security standards, such as ISO 27001, ISO 22301, SOC 1, SOC 2, SOC 3, PCI and FIPS 140-2. Additionally, Truphone has built private cages within the hosting data centres to further protect our customer's information, meeting the highest demands for physical security.

Data Center Compliance


General Data Protection Regulation

At Truphone we are committed to maintaining the privacy and security of the data we hold for you. Truphone takes complying with the General Data Protection Regulation (GDPR) seriously, so that your customers’ data is processed lawfully, fairly and in a transparent manner. You can request your Individual Right to be executed by emailing