Responsible Disclosure Policy

Global Institute for Sustainability Standards Pvt. Ltd. (GISS)

Corporate Identity Number (CIN): U70200TN2026PTC192987

Website: www.gisstandards.com

Effective Date: 11 June 2026

1. Purpose

Global Institute for Sustainability Standards Pvt. Ltd. ("GISS", "we", "our", or "us") values the security and integrity of our website, digital systems, data, certification platforms, and communication channels. This Responsible Disclosure Policy explains how security researchers, users, partners, and the public may report potential vulnerabilities to us in a safe, lawful, and coordinated manner.

We encourage responsible reporting of suspected security weaknesses so that we can investigate and address them before they may be misused.

2. Scope

This policy applies to security vulnerabilities discovered in digital assets owned, operated, or controlled by GISS, including:

  • The official GISS website and related web pages
  • Online application, training, assessment, and certification interfaces operated by GISS
  • GISS-managed domains, forms, and communication channels
  • Systems that process or store GISS-owned information

Third-party platforms, social media websites, payment gateways, hosting providers, or external services not controlled by GISS are outside the scope of this policy.

3. How to Report a Vulnerability

If you believe you have discovered a security vulnerability, please report it promptly by email.

Security Reporting Contact

Email: security@gisstandards.com

Please include enough information for us to understand and reproduce the issue, such as:

  • A clear description of the suspected vulnerability
  • The affected URL, page, endpoint, or system
  • Steps to reproduce the issue safely
  • Screenshots, logs, or proof-of-concept details where appropriate
  • Your name and contact details if you would like us to follow up

4. Responsible Research Guidelines

When testing or reporting a vulnerability, you must act responsibly, lawfully, and in good faith. You agree to:

  • Avoid accessing, modifying, deleting, copying, or exfiltrating data that does not belong to you.
  • Avoid disrupting services, degrading system performance, or affecting availability for users.
  • Avoid social engineering, phishing, spam, physical attacks, or attempts to trick GISS personnel, partners, or users.
  • Avoid using automated high-volume scanning, denial-of-service testing, or destructive tools.
  • Stop testing immediately if you encounter sensitive information and report the issue to GISS.
  • Give GISS reasonable time to investigate and remediate the issue before public disclosure.

5. Activities Not Permitted

The following activities are strictly prohibited:

  • Denial-of-service or resource exhaustion attacks
  • Malware upload, execution, or distribution
  • Unauthorized access to accounts, systems, or confidential information
  • Data destruction, alteration, leakage, or extraction
  • Testing involving payment systems, third-party services, or systems outside GISS control
  • Public disclosure before GISS has completed review and remediation
  • Extortion, threats, or demands for payment

6. Our Response Process

After receiving a report, GISS will make reasonable efforts to:

  • Acknowledge receipt of the report within a reasonable timeframe
  • Review and validate the reported issue
  • Contact the reporter for clarification if needed
  • Prioritize remediation based on severity, risk, and potential impact
  • Notify the reporter when the issue has been addressed, where appropriate

Response times may vary depending on the complexity, severity, and scope of the reported vulnerability.

7. Confidentiality

Reports submitted under this policy should be treated as confidential. Reporters must not publicly disclose details of a vulnerability, affected systems, data exposure, or remediation status without written permission from GISS.

GISS will handle vulnerability reports with appropriate confidentiality and will only share information internally or with trusted service providers, advisers, or authorities where necessary for investigation, remediation, or legal compliance.

8. Recognition and Rewards

GISS appreciates responsible security reporting. At this time, we do not operate a public bug bounty or monetary reward program. Any acknowledgment or recognition is provided at the sole discretion of GISS and subject to reporter consent.

9. Legal Safe Harbor

GISS does not intend to pursue legal action against individuals who discover and report vulnerabilities in good faith, comply with this policy, avoid harm to users and systems, and do not access, copy, modify, destroy, or disclose data without authorization.

This policy does not authorize unlawful activity, access to systems beyond what is necessary to verify a vulnerability, or testing of third-party systems. GISS reserves all rights in cases of malicious, negligent, harmful, or unauthorized activity.

10. Privacy

Any personal information shared with GISS in connection with a vulnerability report will be handled in accordance with our Privacy Policy.

11. Changes to This Policy

GISS may update this Responsible Disclosure Policy periodically to reflect changes in our systems, security practices, legal requirements, or operational needs. Updated versions will be posted on this page with a revised effective date.

12. Contact Information

Global Institute for Sustainability Standards Pvt. Ltd.

Website: www.gisstandards.com

Security Email: security@gisstandards.com

Last Updated: 11 June 2026