Com Laude believes in Corporate Social Responsibility. We believe that our success should be defined by both our financial performance and the positive contribution we make to society.
Although Com Laude falls below the threshold under section 54 Modern Slavery Act 2015 which requires publication of a modern-day slavery statement, we fully understand our obligations to comply with this legislation. We consider matters of Slavery and Human Trafficking when entering into contractual arrangements as part of a zero-tolerance approach that aligns with our values and pass this requirement contractually down our supply chain.
For further information, contact any of the leaders of Com Laude.
Vulnerability Disclosure Policy
Com Laude works with brands to maximise their ability to do business online. We do this through strategic domain name management, protecting against cyber-attacks, and counteracting digital brand infringement. As part of this we are committed to providing secure, stable and resilient infrastructure and systems for our clients.
This policy applies to persons who identify vulnerabilities in our systems and who are not affiliated with Com Laude and its related corporate entities. If you are a client of ours, we recommend you contact your client manager.
For the purpose of this policy, the following definitions apply.
Com Laude System: any system that is owned, controlled or managed by the Com Laude Group, including its related corporate entities.
Finder: any legal or natural person who identifies a potential Vulnerability in the Com Laude System.
Reporter: the person who originates the message of a potential Vulnerability to Com Laude (often the same person as a Finder).
Vulnerability: a flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
Reporting a Vulnerability
If you find a Vulnerability in a Com Laude System, we ask that you report it to us at firstname.lastname@example.org straight away so that we can remediate the Vulnerability as quickly as possible. We ask that Finders and Reporters:
a. do not disclose the Vulnerability to any other party to mitigate the risk of others maliciously utilising the Vulnerability;
b. do not exploit a security issues that you discover for any reason;
c. make a good faith effort to avoid privacy violations and disruptions to others, including but not limited to unauthorised access to or destruction of data and interruption or degradation of our services; and
d. do not access user data or company data including but not limited to personally identifiable information and data relating to an identified or identifiable natural person as Finders and Reports are not authorised to do so.
When reporting a Vulnerability, we ask that you include screenshots, a description of the process you used to identify the Vulnerability, the time and date of discovery, and any other information that would allow us to replicate or otherwise verify the Vulnerability. After reporting a Vulnerability, we ask that Finders and Reporters do not engage in further scrutiny or exploitation of the Vulnerability.
We take cyber security seriously at Com Laude and always appreciate those who take the time to report Vulnerabilities. We will not take legal action against Finders or Reporters if they adhere to this policy and if:
a. they do not compromise the availability, security or privacy of Com Laude Systems; or
b. they have received prior written permission from Com Laude to engage in vulnerability or penetration testing and the identification of the Vulnerability is within the scope of our written permission.
This is contingent on Finders and Reporters:
a. Not violating any applicable laws or regulations; and
b. Not publicly sharing the Vulnerability or related details until Com Laude has remediated the Vulnerability. For the avoidance of doubt, this does not permit Finders or Reporters to share details of a Vulnerability unless Com Laude provides written permission in advance to do so.
Remediating the Vulnerability
Once we have verified the Vulnerability, we will follow our internal processes to remediate the Vulnerability. The time to develop and deploy a remediation for a Vulnerability will be on a case by case basis and will be based largely on our own internal categorisation of the impact and exploitability of the Vulnerability. We will inform you after we have deployed a remediation for the Vulnerability.
Public Awareness of Vulnerabilities
The majority of the Com Laude Systems are internal or client facing and not available to the public. In most instances we will only share the details of the Vulnerability with the affected parties, that is, our clients and staff. However, this will depend on the nature of the Vulnerability. For example, we would always disclose data breaches where required by law.