Scope
This Policy applies to all full-time, part-time and casual employees, and to any other people doing work on behalf of Sureway Group and its related entities (including licensees, contractors and sub-contractor staff).
If you believe you have discovered a security vulnerability within Sureway Health and Wellbeing’s systems, please follow these steps:
Contact Information
To report a vulnerability, please send an email to [email protected], which is our dedicated security contact. Additionally, you can refer to our ‘security.txt’ file for alternative contact information. Our ‘security.txt’ file is located at https://surewayhealthwellbeing.com.au/.well-known/security.txt.
Information Required
In your report, include the following information:
- A detailed description of the vulnerability, including the affected system or component.
- Steps to reproduce the vulnerability, including any required configurations or conditions.
- Proof-of-concept (PoC) or exploit code, if applicable.
- Any supporting documentation or relevant details.
Provide Your Contact Information
We need a way to contact you for follow-up and coordination, so please provide your name and a valid email address.
Vulnerability Handling
Once we receive your vulnerability report, we will acknowledge receipt within 48 hours. Our security team will review the report and conduct an initial assessment of the vulnerability.
Responsibilities
The Sureway IT Security Team will work diligently to:
- Confirm the existence of the vulnerability.
- Assess the severity and potential impact of the vulnerability.
- Develop a plan to remediate the vulnerability.
Acknowledgment and Credit
Sureway Health and Wellbeing acknowledges and appreciates the efforts of security researchers and individuals who responsibly disclose vulnerabilities. Depending on the severity and impact of the vulnerability, we may provide public acknowledgment and credit for your responsible disclosure, with your consent.
Legal Considerations
Sureway Health and Wellbeing is committed to protecting security researchers and individuals who report vulnerabilities. We will not pursue legal action against individuals who follow this disclosure policy and act in good faith. However, this policy does not grant immunity for illegal activities or any violation of applicable laws.
Confidentiality
Sureway Health and Wellbeing will treat all vulnerability reports and related communications as confidential information. We request that security researchers also maintain confidentiality until we have resolved the issue.
Feedback and Questions
If you have feedback or questions regarding this policy, please contact us at [email protected].
Sureway Health and Wellbeing appreciates your dedication to improving the security of our systems. Your cooperation in following this External Vulnerability Disclosure Policy is essential to maintaining a secure environment for our organization and our users.
Thank you for your commitment to responsible disclosure.
Reference legislation and standards
Privacy Act 1988 (Cth)
Notifiable Data Breaches (NDB) Scheme: Under the Privacy Act
Cybersecurity Act 2020 (Cth)