Consultation Manager is an ISO27001/9001 compliant product and as such we regularly perform penetration testing and vulnerability testing of our application suite.
Our currently adopted guidelines ensure we perform:
- An annual third-party penetration testing scan of our platform (involving hundreds of automated endpoint checks as well as multiple days of manual testing);
- Quarterly internal scans of our platform; and
- Release-level checks to identify any new vulnerabilities in the dependent libraries we use.
We remedy vulnerabilities as follows:
- CRITICAL - We attempt to fix critical vulnerabilities as soon as possible in the next release.
- HIGH - Fixes for high-priority vulnerabilities are prioritised into our immediate roadmap and generally available within the quarter.
- MEDIUM/LOW - Occasionally medium or low risk items are known ‘vulnerabilities’ that are vital to operating our platform (e.g. a specific open port). We assess all vulnerabilities and any that are deemed necessary and safe to remedy are generally addressed in the short-term roadmap (3-6 months).
A copy of our latest scan is also available under an NDA. For any security-related questions, please feel free to contact our security team at security@consultationmanager.com.