Reporting security concerns to Gentrack
If you have found a potential security vulnerability or privacy breach in any of our software solutions or digital channels, please contact our security team as soon as possible by email at firstname.lastname@example.org or make contact with one of our local offices – Contact Us. If you are reporting a sensitive issue, please encrypt your message using our security team’s GPG key (ID: 0x1F0E5F9C, fingerprint: FF65 A7D2 E194 33F4 2184 703B 38AF 8680 1F0E 5F9C).
With your help, we can ensure that potential vulnerabilities are quickly investigated using our established security response procedures and any threats are eliminated without delay.
Security is a top priority
Gentrack values the trust that our customers place in us by letting our people interact with their data and systems. We take our responsibility to protect and secure your information seriously and strive for transparency around our security practices.
We understand how critical security is to your business and in turn maintaining trust with your customers. Our customer-focused principles ensure that security continues to be a top priority for Gentrack and our goal is to ensure that we retain your confidence in using our products and services. And we are committed to maintaining robust processes and operations that are designed around a core security ethos.
ISO/IEC 27001:2013 (Information Security Management)
To support our commitment to Information Security Management, Gentrack is an ISO/IEC 27001:2013 certified organisation. The approved administration systems apply to the following:
- Provider of specialised Cloud-based systems for the Utilities and Airport industry in accordance with Statement of Applicability Version 1, dated 27th September 2017.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. The purpose of this international standard is to help organisations establish and maintain an information security management system to manage and control information, security risks as well as maintaining the integrity, protection, preservation and confidentiality of information.
Dedicated Security Expertise
Gentrack has a dedicated and highly skilled security team which focuses on application, network, and system security. This team is also responsible for security compliance, education, and incident response.
Gentrack maintains and regularly reviews and updates its information security policies, and all employees must acknowledge these policies and any updates on an annual basis. Appropriate job specific security training and skills development is also undertaken as required.
All contracts with customers clearly stipulate our security obligations along with those of the respective customer. These include but are not limited to the following:
- The protection of customer data against unauthorised access
- Meeting legislative and regulatory requirements
- Development, maintenance and testing of Business Continuity plans
- Reporting and investigation of actual or suspected information security breaches
- Security procedures including virus control measures, encryption, password control and continuity plans.
Our Data Protection Policy also has further details on the ways we handle personal data.