Cloud Security Policy

Procedure in the face of possible vulnerabilities

When a potential security problem is identified, Athento will take the following steps to deal with the incident:

  1. Evaluate the scope and seriousness of the problem

  2. Carry out a product update that will resolve possible risks as soon as possible

  3. Once the vulnerability is identified and known, we will inform our clients about the update carried out

Security alerts

The priority for our team is to resolve all vulnerabilities in the service as soon as possible. Once identified, they will be published in the Release Notes of the version showing the vulnerability.

Once the possible vulnerability has been resolved, we will send out a notification via email alerting clients that the vulnerability has been resolved, providing details about how this has been done.

The email will be sent to all authorized support contacts.

If possible data loss is identified, affected clients will be notified immediately and they will also be told of the action taken to resolve the situation.


Alert severity level

The alerts will also show the severity of the resolved vulnerability. The vulnerability levels are described below:

Severity: Blocker
Description: This kind of vulnerability can compromise the system in any of the following ways:

  • Data stored in the cloud is compromised

  • Server in operation is compromised

  • There is the risk of a denial-of-service attack (legitimate users will be prevented from accessing the system due to an attack)

Severity: Critical
Description: One of the above vulnerabilities has been identified, but only for the client who reported it

Severity: Major
Description: All other vulnerabilities that do not match the characteristics listed in the previous two categories are included in this severity level

How to report possible vulnerabilities

All Athento clients have, on their product interface, a button that allows them to report any kind of problem.

In addition, Enterprise support account users have access to our Support Center. These clients can use the Support Center to report possible vulnerabilities.

Finally, clients can also use the support@athento account to report this kind of incident.