Our customer-focused culture ensures that security is a top priority. We are open and transparent with our security program so you can feel safe using our cloud and server products. Hindsight operates an Information Security Management System (ISMS) based on ISO27001 and uses ISO27002 and CSA Cloud Controls Matrix v3.0 as a source of controls. Hindsight isn't certified under ISO27001 but is certified under the Cyber Essentials scheme. View the certificate
Cloud security statement
Our Cloud security statement details many of the questions that we receive from customers about how we run and secure our cloud services. Read the statement
Report a vulnerability
We love hearing about ways we can improve the security of our products. Our commitment to delivering secure software for our customers is aided by the security community.
If you have found a security vulnerability, please disclose it to us by emailing the details to security@hindsightsoftware.com. If the vulnerability is new to us, we will reward you with some free Behave Pro swag. Hindsight makes all vulnerability bug reports a priority and will respond within 24 hours.
Security bug fix policy
In the event of a vulnerability, we will assess the severity and, if necessary, notify any customers that may be affected within 24 hours.
Hindsight aims to meet the following guidelines for deploying security fixes. Issues are categorised into 4 severity levels, each of which usually has some of the following characteristics:
Critical
CVSS v2 score >= 8, CVSS v3 score >= 9
Exploitation results in compromise of servers or infrastructure
Data required to exploit the vulnerability is widely available
Exploitation doesn't require any special credentials or knowledge
Hindsight aims to resolve this vulnerability level within 24 hours or as soon as possible.
High
CVSS v2 score >= 6, CVSS v3 score >= 7
Difficult to exploit
Exploitation does not result in special privileges or data loss
Hindsight aims to resolve this vulnerability level within 1 week.
Medium
CVSS v2 score >= 3, CVSS v3 score >= 4
Denial of service vulnerabilities that are difficult to set up
Require an attacker to reside on the same local network as the victim
Require an attacker to manipulate the victim via social engineering
Vulnerabilities where the outcome provides very limited access
Hindsight aims to resolve this vulnerability level within 2 weeks.
Low
Little to no impact to the organisation's business
Vulnerabilities that require physical access to the system
Hindsight aims to resolve this vulnerability level within 1 month.