Consultation Manager is an ISO27001/9001 compliant product and as such we regularly perform penetration testing and vulnerability testing of our application suite.
Our current adopted guidelines ensure we perform:
- An annual third party penetration testing scan of our platform (involving hundreds of automated endpoint checks as well as multiple days of manual testing);
- Quarterly internal scans of our platform; and
- Release-level checks to identify any new vulnerabilities in the dependent libraries we use.
We remedy vulnerabilities as follows:
CRITICAL - We attempt to fix critical vulnerabilities as soon as possible in the next release.
HIGH - Fixes for high priority vulnerabilities are prioritised into our immediate roadmap and generally available within the quarter.
MEDIUM/LOW - Occasionally, medium- or low-risk items are known ‘vulnerabilities’ that are vital to operating our platform (e.g. a specific open port). We assess all vulnerabilities, and any that are deemed necessary and safe to remedy are generally addressed in the short-term roadmap (3-6 months).
Our December 2020 third party penetration testing highlighted:
- NO CRITICAL issues;
- 2 HIGH issues that we have scheduled for a February release fix; and
- 10 MEDIUM-LOW issues that we have deemed safe to address in our short-term roadmap.
A copy of our latest scan is also available under an NDA. For any security-related questions, please feel free to contact our security team at security@consultationmanager.com.