top of page

Corporate Information Security Policy

Updated: 19 May 2024


1. General


As a service to our external stakeholders, this section provides a general overview of the
purpose, direction, principles and basic rules of our corporate information security
management policy.
​This policy applies to the entire Information Security Management System (ISMS), as
defined in RubyComm's information security system policy (detailed in a separate


2. Goal


The purpose of our Information Security Policy is to establish a framework for the protection
of the organization's information assets and is designed to:

● Protect the organization's information from all threats, whether internal or external,
deliberate or accidental.

● Facilitate secure information sharing between RubyComm and external stakeholders
or other third parties.

● Encourage consistent and professional use of information.

● Ensure that all company employees and third parties understand their roles in using
and protecting information.

● Ensure business continuity and minimize business damage.

● Protect the organization from legal liability and the inappropriate use of information.

● For more information regarding our information security system policy, please
contact us at


3. RubyComm Responsible Disclosure Policy


At RubyComm Ltd, we take the security of our systems and user data seriously. We value the
contributions of the security community and believe in working together to keep the internet
safe. This Responsible Disclosure Policy outlines the steps for reporting potential security
vulnerabilities in our systems and the way such reports are handled.


Reporting Security Vulnerabilities


If you believe you have discovered a security vulnerability in any of our systems, we encourage
you to report it to us in a responsible and timely manner. To report a vulnerability, please:


1. Email Us: Send an email to with a detailed description of the
vulnerability. The report should include the following information:


• A summary of the vulnerability.


• Detailed steps to reproduce the issue, including any relevant screenshots or code


• The impact of the vulnerability and any potential risks.


2. Allow Time for Response: We aim to acknowledge receipt of your report within three
working days. We will then work to validate and address the vulnerability promptly, keeping you
updated on our progress.


Guidelines for Reporting


To ensure that your disclosure is handled responsibly and effectively, please adhere to the
following guidelines:


• Do Not Exploit: Do not exploit the vulnerability for any reason, including accessing
unnecessary data, establishing persistent access, or further compromising our systems.


• Do Not Publicly Disclose: Please do not publicly disclose the vulnerability until we
have had an opportunity to investigate and address it.


• Avoid Privacy Violations: Avoid any actions that may compromise the privacy of our
users or the integrity of our data.


What to expect after reporting a vulnerability to us:


1. Acknowledgement: We will acknowledge receipt of your report within three working


2. Investigation: We will investigate the reported vulnerability to validate its existence
and assess its impact.


3. Fix and Communication: If the vulnerability is valid, we will work to fix it and keep you
informed throughout the process.


4. Credit: If you would like to be recognized for your discovery, we would be happy to
include your name in our acknowledgments section (unless you prefer to remain anonymous).


Legal Safe Harbor


We pledge not to pursue legal action against researchers who:


• Adhere to this Responsible Disclosure Policy.


• Avoid privacy violations, destruction of data, and interruption or degradation of our


• Engage in good faith to test and report vulnerabilities.


We are committed to working with the security community to verify, reproduce, and respond to
legitimate reports. We appreciate your efforts to help us maintain a safe and secure
environment for our users.


Thank you for your contribution to our security.
If you have any questions about this policy or need further clarification, please feel free to reach
out to us at




RubyComm Technical Team

bottom of page