At COINS, one of our foremost priorities is to protect all types of information and data provided by our stakeholders, including clients, employees, partners, government (and regulatory agencies) and suppliers. We hold ISO 27001:2013 (ISO 27001) certification, validated through third-party audit by BSI Group, one of the most respected and reputable management systems certification bodies in the world.
ISO 27001 is one of the most internationally accepted and widely recognised information security standards. It was developed to provide organisations with a framework for establishing processes for implementing, operating, monitoring, reviewing and improving an Information Security Management System (ISMS). Our ISO 27001 certification confirms our ISMS is aligned with international information security best practices and we have the right processes and procedures in place to handle a wide range of information assets. It demonstrates that COINS places a priority on client data protection through implemented controls including security-by-design product development, data encryption, vulnerability management, business continuity, disaster recovery plans and much more.
If you believe you have found a security issue that meets COINS definition of a vulnerability, please submit a report to our security team via one of the methods below:
Please include the following information in your report:
COINS values the members of the independent security research community who find security vulnerabilities and work with COINS so that security fixes can be issued to all customers. COINS does not operate a bounty programme but it is our policy to credit all researchers when a fix for the reported security bug is issued. In order to receive credit, security researchers must follow responsible disclosure practices, including:
We are unable to respond to bulk reports generated by automated scanners.
If you identify issues using an automated scanner, it is recommended that you have a security practitioner review the issues and ensure that the findings are valid before submitting a vulnerability report to COINS.
COINS follows the MITRE.org definition of a security vulnerability which defines a security vulnerability as “a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, OR availability.
Mitigation of the vulnerabilities in this context typically involves coding changes but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety).”
Congratulations! Your email alert has been set up. |