Security Policy

We take the security of our platform and our clients’ data very seriously.

HSE Risk Assessment encourages responsible disclosure of security vulnerabilities. This policy outlines how we expect researchers to report issues and what they can expect from us in return.

1. Scope

This policy applies to all websites, services, and systems owned or operated by HSE Risk Assessment, including:

hseriskassessment.com and all subdomains
The web-based Safety Risk Assessment Database
Associated APIs and services

2. How to Report a Vulnerability

If you discover a security issue, please report it responsibly by emailing:

support@hseriskassessment.com

In your report, please include as much detail as possible, such as:

A clear description of the vulnerability
Steps to reproduce the issue
Any potential impact
Suggested fix (if known)

3. What to Expect

We will acknowledge receipt of your report within 48 hours
We will investigate and provide a timeline for remediation
We will keep you informed of our progress
After the issue is resolved, we will credit you (unless you wish to remain anonymous)

4. Safe Harbor

Anyone who follows this policy and acts in good faith will not face legal action from us. We consider activities conducted in accordance with this policy to be:

Authorized concerning any applicable anti-hacking laws
Exempt from restrictions in our Terms of Service

5. Out of Scope

The following are not in scope for this program:

Denial of Service (DoS) attacks
Physical attacks against our offices or staff
Social engineering of staff or customers
Issues in third-party services we use

Thank you for helping keep HSE Risk Assessment and our clients safe.

Success

Action completed successfully