Last updated: 01 December 2022
Purpose and Scope
1. Liqvid PTE. LTD is committed to identifying, tracking, and remedying security vulnerabilities and flaws in a timely manner to ensure the confidentiality, integrity, and availability of the company's information assets. This policy outlines the process for identifying, tracking, and managing security vulnerabilities and flaws, as well as the responsibility of employees in this process.
2.1. Security Vulnerability: Any weakness or flaw in an information system, network, or application that can be exploited to compromise the confidentiality, integrity, or availability of information.
2.2. Flaw: Any error or defect in software code or hardware design that can affect the performance, reliability, or security of information systems.
2.3. Risk: The potential for loss or damage to assets, operations, or individuals resulting from a security vulnerability or flaw.
2.4. Risk Assessment: A systematic process for identifying, evaluating, and prioritizing security risks.
3.1 Identification and Assessment of Flaws and Vulnerabilities
Liqvid PTE. LTD regularly conduct risk assessments to identify and assess security vulnerabilities and flaws in the company's information systems, network, and applications. The risk assessments are conducted by a designated team and take into account the severity and likelihood of the risk, as well as the potential impact on the company's information assets.
3.2 Remediation of Flaws and Vulnerabilities
Upon identification of a security vulnerability or flaw, the designated team is responsible for prioritizing and managing the remediation process. Remediation efforts are based on the level of risk identified in the risk assessment and will be prioritized accordingly. The remediation process is managed in a timely and effective manner, and any security vulnerabilities or flaws identified are documented.
3.3 Reporting of Flaws and Vulnerabilities
Liqvid PTE. LTD has established reporting process for employees to report any security vulnerabilities or flaws that they identify. The reporting process is communicated to all employees, and employees are encouraged to report any security vulnerabilities or flaws in a timely manner. Employees who report security vulnerabilities or flaws will not be subject to any adverse action as a result of their report.
4.1 The designated team responsible for conducting risk assessments, managing the remediation process, and documenting any security vulnerabilities or flaws identified.
4.2 Employees are responsible for reporting any security vulnerabilities or flaws that they identify in accordance with the established reporting process.
5. Non-compliance with this policy may result in disciplinary action up to and including termination of employment or legal action.
Review and Update
6. This policy will be reviewed and updated on an annual basis or as necessary to ensure its continued relevance and effectiveness.Download Liqvid Flaws Tracking Policy