Responsible disclosure

Last update: Feb. 4, 2023

At Innovadis, we take security very seriously and will always do everything we can to keep our systems as secure as possible. Unfortunately, despite all our precautions and controls, a vulnerability may temporarily exist in one of our systems. Have you discovered a vulnerability? Please let us know so that we can take appropriate action. By submitting a report, you automatically agree to the Responsible Disclosure terms set out below. Naturally, we will handle your report with due care and in accordance with these terms.

We ask:

  • Report the problem within 24 hours of discovering it.
  • Send the report to datalek@innovadis.com.
  • Provide sufficient information to reproduce the problem. This allows us to resolve it as quickly as possible. Often an IP address or URL together with a description of the problem and a screenshot is sufficient; for more complex issues, we may ask for additional information.
  • Pass on only factual information that relates to the problem.
  • Pass on any tips that may help us solve the problem. Please note: avoid advice that could be seen as advertising specific (security) products.
  • Keep your findings at a high level (helicopter view).
  • Leave at least an email address or phone number so that we can contact you with questions or points that need clarification; this also lets us work (together) faster on a safe solution. You may of course always report anonymously.
  • Do not share the problem publicly until we have resolved it. Even if we fail to resolve the problem quickly and adequately, we still ask that you do not publicize or share it.
  • Delete any acquired (confidential) data as soon as possible.

This does not make us very happy:

  • Misusing the problem. For example, do not download more data than necessary to demonstrate the leak, and do not delete or change data, especially other people's data.
  • Using tooling that may cause disruption at Innovadis.
  • Placing malware on our systems.
  • Brute-forcing access to our systems.
  • Using social engineering.

You get:

  • A response to your report within three business days with our assessment and, where applicable, the expected resolution timeframe.
  • Updates on the progress of resolving the problem.
  • The assurance that we will treat your personal data confidentially. We will only disclose it to others when we are required to do so by law (for example, by a court order).
  • Anonymity. We do not publicize reports, except where a legal duty to report (data) leaks applies. Even then, the reporter remains anonymous if desired.
  • A small reward for reporting a problem previously unknown to us. The amount of the reward is determined by Innovadis and is based on the severity of the problem.