NRB Consultancy Services Ltd is committed to the security of our services and systems, including the PASDOC platform at app.pasdoc.com. We take a coordinated and constructive approach to addressing security vulnerabilities — one designed to protect our clients, partners and users.
This policy covers vulnerabilities discovered in any NRB or PASDOC service, whether by members of the public, security researchers or our own team.
If you believe you have discovered a vulnerability in any NRB Consultancy Services or PASDOC system, please contact us as soon as possible:
Please include as much detail as possible — the nature of the vulnerability, how it was discovered, the potential impact and any steps to reproduce it. We appreciate the use of standard vulnerability severity scoring where applicable.
We ask that you keep all communication regarding the vulnerability confidential until we have had the opportunity to investigate and address it.
Acknowledgement — We will acknowledge receipt of your report within 2 working days and confirm that it is being investigated.
Investigation — We will investigate and verify the reported vulnerability. We will keep you informed of progress where possible.
Resolution — We will address verified vulnerabilities and release an update or patch within 90 days. If this timeframe cannot be met, we will provide information on recommended mitigations and a revised timeline.
Disclosure — Where appropriate, we will acknowledge the contribution of the person who reported the vulnerability in our release notes, unless they prefer to remain anonymous.
This policy applies to all NRB Consultancy Services and PASDOC digital services, including:
We ask that security researchers and reporters act responsibly — avoiding any action that could disrupt services, access or modify client data, or compromise the privacy of our users. We commit to working with you in good faith and will not pursue legal action against individuals who report vulnerabilities responsibly in accordance with this policy.
We greatly appreciate the efforts of anyone who takes the time to identify and responsibly disclose security issues. Your contribution helps us protect our clients and improve our services.