Consultation Manager is an ISO27001/9001 compliant product and as such we regularly perform penetration testing and vulnerability testing of our application suite.

Our current adopted guidelines ensure we perform:

• An annual third party penetration testing scan of our platform (involving hundreds of automated endpoint checks as well as multiple days of manual testing);
• Quarterly internal scans of our platform; and
• Release level checks to identify any new vulnerabilities of any dependant libraries we use.

We remedy vulnerabilities as follows:

• CRITICAL - We attempt to fix critical vulnerabilities as soon as possible in the next release.

• HIGH - Fixes for high priority vulnerabilities are prioritised into our immediate roadmap and generally available within the quarter.

• MEDIUM/LOW - Occasionally medium or low risk items are known ‘vulnerabilities’ that are vital to operating our platform (e.g. a specific open port). We assess all vulnerabilities and any that are deemed necessary and safe to remedy are generally addressed in the short-term roadmap (3-6 months).

Our December 2020 third party penetration testing highlighted:

• NO CRITICAL issues;

• 2 HIGH issues that we have scheduled for a February release fix; and

• 10 MEDIUM-LOW issues that we have deemed safe to address in our short term roadmap.

A copy of our latest scan is also available under an NDA. Any security related questions please feel free to contact our security team at security@consultationmanager.com