Vulnerability Policy

background

Beringar are committed to addressing and reporting security issues through a coordinated and constructive approach designed to provide the greatest protection for Beringar customers, partners, staff, and all Internet users.

A security vulnerability is a weakness in our systems or services that may compromise their security. This policy applies to security vulnerabilities discovered anywhere by both Beringar staff and by others using Beringar services. The responsibility for this policy is with the senior management team of Beringar who will review it on an annual process. All day-to-day staff must follow this policy and will receive regular training on how to follow it.

reporting vulnerabilites

If you believe you have discovered a vulnerability in one of our services or have a security incident to report, please email security@beringar.co.uk or fill out the contact form on the Beringar website (https://www.beringar.co.uk/contact-us).

Once we have received a vulnerability report, Beringar takes a series of steps to address the issue:

We will provide prompt acknowledgement of receipt of your report of the vulnerability
We request the reporter keep any communication regarding the vulnerability confidential
We will work with you to understand and investigate the vulnerability
We will provide a timeframe for addressing the vulnerability.
We will notify you once the vulnerability has been resolved, to allow retesting by the reporter if needed.
We publicly announce the vulnerability in the release notes of the update. We may also issue additional public announcements, for example via social media.
Release notes (and blog posts when issued) will include a reference to the person/people who reported the vulnerability unless the reporter(s) would prefer to stay anonymous.

Beringar will endeavour to keep the reporter apprised of every step in this process as it occurs.

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our services, and better protect our customers. In line with general responsible disclosure good practice, we ask that security researchers:

Allow Beringar an opportunity to correct a vulnerability within a reasonable time period before publicly disclosing the identified issue.

Provide sufficient detail about the vulnerability to allow us to investigate successfully

We appreciate the use of the Common Vulnerability Scoring System when reporting a vulnerability:

Do not modify or delete data, or take actions that would impact on Beringar customers

Do not carry out social engineering exercises or to attempt to find weaknesses in the physical security of Beringar offices or other locations.

Dated: 21st December 2020

Next Review Date: 21st December 2021

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.