We pay a lot of attention to the safety and security of our information systems. However, if you find a weakness or something that could be improved, we would like you to inform us as soon as possible.
The National Cyber Security Center (NCSC) of the Dutch ministry of Security and Justice has issued recommendations on how to deal with the reporting and handling of security weaknesses in a responsible manner. We have adopted these recommendations, and in addition have implemented the following Responsible Disclosure guidelines:
- report your findings by filling out the form below
- do not abuse the weakness (by copying, change or delete data) and do not share the information with others until the weakness is fixed
- all communication shall take place via Gasunie
If you do find a weakness in our system or see things that could be improved, we will:
- respond to your report within 5 working days with our assessment and an estimated date of a solution
- treat your report confidentially and not share your information with others unless we are legally obligated to do so
- not take any legal action regarding the reporting person if he/she has acted in accordance with the security policy and in a proportionate manner, as specified by the NCSC, unless there has been a breach of or damage to third-party systems, other persons or personal information
We may also decide to express our appreciation and/or offer public credit to the discloser. This will be decided on a case-by-case basis.