How we handle engagement evidence, and how to report a security issue with our own systems — the same standard we hold our clients to.
If you've found a security issue in ACS's own website or infrastructure, report it to[email protected]. Include enough detail to reproduce the issue. We'll acknowledge receipt and keep you updated as we investigate and remediate.
We ask that you avoid accessing or modifying data that isn't yours, avoid degrading service for other users, and give us reasonable time to remediate before public disclosure.
Findings, credentials, and environment access provided for an engagement are handled under the confidentiality terms of the engagement agreement. Evidence is not retained beyond what the engagement and any agreed retest period require.
Engagements are conducted under NDA as standard practice, not an exception you have to request. An NDA can be executed before any engagement-specific detail is exchanged.
Engagements typically start with a scoping conversation (see Contact), followed by a written scope of work and an NDA where relevant, before any assessment or engineering work begins.