Vulnerability Disclosure Policy

We welcome security research that helps keep EasyQMS users safe. This policy explains how to report issues and what you can expect from us.

Last updated: Thursday 4th June 2026

This document is a working template. Specifics marked [REVIEW] must be confirmed by EasyQMS leadership and legal counsel before being relied upon contractually.

Scope

  • In scope: easyqms.co.uk, *.easyqms.co.uk and the EasyQMS application.
  • Out of scope: denial-of-service, social engineering of staff, physical attacks, third-party services we don't operate.

How to report

Email security@easyqms.co.uk with a clear description, reproduction steps, impact, and any suggested fix. PGP key available on request.

Safe-harbour

Provided you act in good faith, stay within scope, do not exfiltrate or destroy data, and give us reasonable time to fix before disclosing publicly, we will not pursue legal action against you for your research.

Our commitment

  • Acknowledge your report within 2 business days.
  • Provide a triage outcome within 10 business days.
  • Credit you in our disclosure log if you'd like (or stay anonymous).

Contact

Questions about this policy? Email privacy@easyqms.co.uk.