Cloud Security Policy
Procedure in the face of possible vulnerabilities
When a potential security problem is identified, Athento will take the following steps to deal with the incident:
Evaluate the scope and seriousness of the problem
Carry out a product update that will resolve possible risks as soon as possible
Once the vulnerability is identified and known, we will inform our clients about the update carried out
Security alerts
The priority for our team is to resolve all vulnerabilities to the service as soon as possible. Once identified, they will be published in the Release Notes of the version showing the vulnerability.
Once the possible vulnerability has been resolved, we will send out a notification via email alerting clients that the vulnerability has been resolved, providing details about how this has been done.
The email will be sent to all authorized support contacts.
If possible data loss is identified, affected clients will be notified immediately and they will also be told of the action taken to resolve the situation.
Alert severity level
The alerts will also show the severity of the resolved vulnerability. The vulnerability levels are described below:
Severity Description
How to report possible vulnerabilities
All Athento clients have, on their product interface, a button that allows them to report any kind of problem.
In addition, Enterprise support account users have access to our Support Center. These clients can use the Support Center to report possible vulnerabilities.
Finally, clients can also use the support@athento account to report this kind of incident.