Disclosure

ENTELEC CONTROL SYSTEMS DISCLOSURE

Last updated February 29, 2024

At Entelec Control Systems, safeguarding the integrity of our systems is paramount. While we take great care to ensure the security of our systems, there is always a possibility of vulnerabilities. If you identify any vulnerability or security loophole in our systems, be it physical or digital, please inform us promptly so that we can swiftly implement necessary security measures. We value collaboration in enhancing the security of our systems, protecting our customers, and preserving our ecosystem.

Scope

This policy is relevant to all concerned parties and stakeholders associated with Entelec Control Systems, encompassing any of our services and platforms.

Audience

We seek cooperation from the following audiences within the specified scope, including but not limited to:

• Website Visitors
• Visitors to Entelec Control Systems premises
• Employees and Staff
• Customers
• Contractors and Partners
• Prospects
• ...

Protocol

What we request you to do

Should you discover a vulnerability, kindly follow these steps:

• Furnish sufficient information to replicate the problem for a prompt resolution. Typically, details like the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more complex issues may require additional information.
• Email your findings to info@entelec.be.

What we ask you NOT to do

Upon uncovering a vulnerability, kindly refrain from:

• Exploiting the issue by downloading excessive data, viewing, deleting, or modifying data from third parties.
• Sharing the problem with others before its resolution. Additionally, promptly erase any confidential data obtained through the vulnerability after its closure.
• Engaging in physical security breaches, social engineering, distributed denial of service, spam, or any action that damages our platforms and impacts system performance.

Please be aware

There is a legal protocol to be followed (see legal reference below). Any illegal access to our systems will be prosecuted to the fullest extent if this regulatory protocol is disregarded.

What you can expect from us

• We will acknowledge your report within 5 working days, providing an initial assessment and an expected resolution date.
• If you adhere to the conditions and legal requirements outlined by cyberlaw, we will not take legal action against you concerning the report.
• Your report will be treated confidentially, and we will not share your personal data without your permission unless legally obligated to do so.
• Upon request, we will keep you informed of the problem-solving progress.
• In notifying you of the reported issue, we will mention your name as the discoverer if you desire.

Publication of the vulnerability or resolution

Only Entelec Control Systems has the authority to communicate and publish information on discovered vulnerabilities. No publication is allowed without prior agreement and validation by Entelec Control Systems.

Courtesy

This responsible disclosure policy is modeled after the open-source project under the Creative Commons v3 license: https://responsibledisclosure.nl/

Legal reference

Please be aware that reporting any vulnerability is subject to legislation.

As Entelec Control Systems HQ is situated in Belgium, the Belgian law on vulnerability disclosure applies.

In summary (quote from the website of CCB):

• Limit yourself strictly to the facts necessary to report a vulnerability, avoiding actions beyond what is necessary and proportionate for verification.
• Act without fraudulent intent or the intention to harm.
• Inform the organization responsible for the system, process, or control of the vulnerability as soon as possible after its discovery.
• Report the discovered vulnerability promptly to the CCB (in the absence of a CVDP), in writing and following the procedures described in point D of the CCB policy.
• Do not publicly disclose information about the discovered vulnerability without the agreement of the national CSIRT (CCB).

More information: https://ccb.belgium.be/en/vulnerability-reporting-ccb

General company info

Website: https://www.entelec.eu/

Contact: https://www.entelec.eu/contact

VAT: BE 0543.803.378 (Belgium)

Entelec Control Systems HQ

Wetenschapspark 25

3590 Diepenbeek

Belgium

Phone: +32 11 30 30 01