Cybersecurity Policy bij IDIS

Cybersecurity

Vulnerability Management

IDIS takes a thorough and transparent approach to managing and responding to vulnerabilities in our products and services, minimizing potential risks for our customers.

IDIS Vulnerability Management Policy

IDIS adheres to industry best practices in managing and responding to any security vulnerabilities detected in our products. While it is impossible to ensure that our products and services are completely devoid of vulnerabilities – a reality that is not unique to IDIS but common to all software and services – we can assure you that we make a sustained effort at every stage of development to identify and address potential vulnerabilities. This approach significantly reduces the risk associated with deploying our products and services in customer environments.

Response Team

The IDIS Cybersecurity Team (security@idisglobal.com) is a specialized department committed to identifying and addressing any potential security vulnerabilities within IDIS’s products. We are dedicated to swift and effective responses in the event of a security vulnerability, which includes comprehensive analysis and the development of countermeasures. Should you encounter any signs of security vulnerability in your product, please do not hesitate to inform us. We assure you that our team is equipped to handle the situation promptly and efficiently.

Response Process

Upon receipt of a security vulnerability report, we immediately assemble our Security Breach Incident Response Team. This team’s principal mission is to meticulously dissect the nature and implications of the vulnerability, to devise an effective resolution, and to expediently release the updated, patched firmware on our website with the utmost urgency.

Notice Policy

The firmware that has been patched for vulnerabilities is uploaded to our website alongside the Vulnerability Report. To prevent zero-day attacks, we withhold the details of the vulnerability (including the nature of the vulnerability, information on affected products and firmware versions, risks, and countermeasures) until the patched firmware is released on our website. In order to deter potential mimicry of attacks, we also avoid disclosing specifics such as attack scenarios related to the vulnerabilities. If the vulnerability impacts multiple products, we ensure the simultaneous release of the respective firmware patches.

IDIS Product Security Long-term Support Policy

Long-term Support Policy Download

IDIS offers long-term support with firmware updates. These can be found on the Downloads page and are announced in the newsletters. Our Technical Bulletin provides an overview of all updates in the past quarter, including the Release Notes. While updating surveillance camera firmware is essential for ensuring system security and and that you have the most current version, some organizations may hesitate due to potential impacts on system stability. However, delaying or neglecting firmware upgrades can be harmful, especially given the substantial cybersecurity benefits they provide.

Report a Vulnerability

If you have discovered a new vulnerability in any of our products or services, we encourage you to submit your discovery to security@idisglobal.com. The IDIS Cybersecurity Team will respond to your vulnerability submission within 7 days and aim to assess your report within the same timeframe.
After thoroughly reviewing the information you provided, if any vulnerabilities are identified, we will contact you individually with details, and you can also track the progress of your report: https://www.idisglobal.com/ticket.