Machinery Safety 101

Website Security

Effective: 2019-03-30

Summary

All software has vulnerabilities. Websites, due to their public-facing nature, are more exposed to threats related to those vulnerabilities than non-public software. New software revisions in operating systems and platforms tend to introduce new vulnerabilities while correcting old ones, so there is never a time when it is correct to say that a site is “perfectly secure.” Recognizing these facts, Compliance inSight Consulting Inc. created a website security policy to provide security researchers with a well-known method for contacting us should they find a vulnerability in our websites.

Policy

At Compliance inSight Consulting Inc., we strive to protect our clients’ and users’ data from known threats by limiting the sensitive information stored on web servers, and by using the available technologies to encrypt and protect that data at the best commercially available level. We also restrict the type and amount of user data that we collect through our web properties to just what is necessary for us to communicate with our clients and users, and to provide the products and services we offer.

We offer security researchers the ability to connect with us securely through our signed security.txt file. We commit to responding to reports received in this way by acknowledging the receipt of the report to the researcher who reports it to us. We then publicly acknowledge the problem on this page so that our users are aware of any problems that might affect them.

Privacy Policies

Our privacy policies remain in their previous location where you can review our PIPEDA and GDPR compliance policies. We welcome your questions, and will provide your data or delete it upon request.

Acknowledgements

| Incident | Date | Response | Date |
|---|---|---|---|
| XMLRPC.xml left open for use with plugins, but no longer used. Discovered by Shivham Pravin Khambe. | 2021-01-04 | Vulnerability fixed. | 2021-01-04 |
| phpinfo.php exposed. Vulnerability identified by Kapitan via OpenBugBounty.org. | 2021-01-03 | Vulnerability fixed. | 2021-01-03 |
| No incidents have been reported. | 2019-03-31 | | |