Call NOW

Vulnerability Disclosure Policy

RB Consultancy Ltd are committed to addressing and reporting security issues through a coordinated and constructive approach designed to provide the greatest protection for RB Consultancy Ltd customers, partners, staff and all Internet users.
A security vulnerability is a weakness in our systems or services that may compromise security. This policy applies to security vulnerabilities discovered anywhere by both RB Consultancy Ltd staff and by others using RB Consultancy Ltd services. The responsibility for this policy is with the senior management team of RB Consultancy Ltd who will review it on an annual process (as a minimum). All staff must follow this policy and will receive regular training on how to follow it.
Reporting vulnerabilities:
If you believe you have discovered a vulnerability in one of our services or have a security incident to report, please email rb@rbconsultancyltd.co.uk or make contact via phone on +44 (0) 333 3390051.
Once we have received a vulnerability report, RB Consultancy Ltd takes a series of steps to address the issue:
  • We will provide prompt acknowledgement of receipt of your report of the vulnerability
  • We request the reporter keep any communication regarding the vulnerability confidential
  • We will work to understand and investigate the vulnerability
  • We will provide a timeframe for addressing the vulnerability.
  • We will notify you once the vulnerability has been resolved, to allow retesting by the reporter if needed.
  • We may publicly announce the vulnerability (should that be appropriate).
  • Public announcements may include a reference to the person/people who reported the vulnerability, unless the reporter(s) would prefer to stay anonymous. RB Consultancy Ltd will endeavor to keep the reporter apprised of every step in this process as it occurs.
We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our services, and better protect our customers. In line with general responsible disclosure good practice, we ask that security researchers:
  • Allow RB Consultancy Ltd an opportunity to correct a vulnerability within a reasonable time period before publicly disclosing the identified issue.
  • Provide sufficient detail about the vulnerability to allow us to investigate successfully including steps required to reproduce the issue
  • We appreciate the use of the Common Vulnerability Scoring System when reporting a vulnerability:
  • Do not modify or delete data, or take actions that would impact on RB Consultancy Ltd customers
  • Do not carry out social engineering exercises or to attempt to find weaknesses in the physical security of RB Consultancy Ltd offices or other locations.

Template Source

This document was made available under the Creative Commons BY-SA license and edited to suit RB Consultancy Ltd. To view a copy of this license visit https://creativecommons.org/licenses/by- sa/4.0/

Arrange a call to see how we can help

Book a call to explore how we can work together and ensure cyber security is switched on for your organization
book a call

Company Details

  • Registered address: 20 - 22 Wenlock Road, London, England, N1 7GU
  • Trading address: Pioneer House, Pioneer Business Park, North Road, Ellesmere Port, Cheshire, CH65 1AD
  • Company Number: 14677066
  • VAT Registration Number: 479590726

Useful Links

Services

Contact

Copyright © 2024 – All rights reserved.