Corporate Information
Security Policy
Updated: 19 May 2024
1. General
As a service to our external stakeholders, this section provides a general overview of the purpose, direction, principles and basic rules of our corporate information security management policy.
This policy applies to the entire Information Security Management System (ISMS), as defined in RubyComm's information security system policy (detailed in a separate document).
2. Goal
The purpose of our Information Security Policy is to establish a framework for the protection of the organization's information assets and is designed to:
- Protect the organization's information from all threats, whether internal or external, deliberate or accidental.
- Facilitate secure information sharing between RubyComm and external stakeholders or other third parties.
- Encourage consistent and professional use of information.
- Ensure that all company employees and third parties understand their roles in using and protecting information.
- Ensure business continuity and minimize business damage.
- Protect the organization from legal liability and the inappropriate use of information.
For more information regarding our information security system policy, please contact us at info@rubycomm.com.
3. RubyComm Responsible Disclosure Policy
At RubyComm Ltd, we take the security of our systems and user data seriously. We value the contributions of the security community and believe in working together to keep the internet safe. This Responsible Disclosure Policy outlines the steps for reporting potential security vulnerabilities in our systems and the way such reports are handled.
Reporting Security Vulnerabilities
If you believe you have discovered a security vulnerability in any of our systems, we encourage you to report it to us in a responsible and timely manner. To report a vulnerability, please:
1. Email Us: Send an email to dpo@rubycomm.com with a detailed description of the vulnerability. The report should include the following information:
   - A summary of the vulnerability.
   - Detailed steps to reproduce the issue, including any relevant screenshots or code snippets.
   - The impact of the vulnerability and any potential risks.
2. Allow Time for Response: We aim to acknowledge receipt of your report within three working days. We will then work to validate and address the vulnerability promptly, keeping you updated on our progress.
Guidelines for Reporting
To ensure that your disclosure is handled responsibly and effectively, please adhere to the following guidelines:
• Do Not Exploit: Do not exploit the vulnerability for any reason, including accessing unnecessary data, establishing persistent access, or further compromising our systems.
• Do Not Publicly Disclose: Please do not publicly disclose the vulnerability until we have had an opportunity to investigate and address it.
• Avoid Privacy Violations: Avoid any actions that may compromise the privacy of our users or the integrity of our data.
What to expect after reporting a vulnerability to us:
- Acknowledgement: We will acknowledge receipt of your report within three working days.
- Investigation: We will investigate the reported vulnerability to validate its existence and assess its impact.
- Fix and Communication: If the vulnerability is valid, we will work to fix it and keep you informed throughout the process.
- Credit: If you would like to be recognized for your discovery, we would be happy to include your name in our acknowledgments section (unless you prefer to remain anonymous).
Legal Safe Harbor
We pledge not to pursue legal action against researchers who:
- Adhere to this Responsible Disclosure Policy.
- Avoid privacy violations, destruction of data, and interruption or degradation of our services.
- Engage in good faith to test and report vulnerabilities.
We are committed to working with the security community to verify, reproduce, and respond to legitimate reports. We appreciate your efforts to help us maintain a safe and secure environment for our users.
Thank you for your contribution to our security. If you have any questions about this policy or need further clarification, please feel free to reach out to us at dpo@rubycomm.com.
Sincerely,
RubyComm Technical Team