PSTI Statement of Compliance

We, HKC Security Ltd., hereby declare that the products listed below are in conformity with the applicable security requirements set out in Schedule 1 of The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

Vulnerability Disclosure

HKC Security Ltd. maintains a vulnerability disclosure process to enable security researchers and other parties to report potential security vulnerabilities in our products. If you believe you have identified a security vulnerability, you should report the matter by email to: productsecurity@hkc.ie

Reports should include sufficient detail to enable HKC Security Ltd. to reproduce and assess the issue.

Handling of Vulnerability Reports:

HKC Security Ltd. is committed to handling vulnerability reports in a timely, transparent, and responsible manner. In particular:

Acknowledgement of receipt:
HKC Security Ltd. will acknowledge receipt of a vulnerability report within three (3) working days of receipt.

Assessment and communication:

HKC Security Ltd. will assess the reported vulnerability and may contact the reporting party for further information where necessary.

Status updates:
HKC Security Ltd. will provide the reporting party with status updates at intervals of no greater than fourteen (14) calendar days, or more frequently where appropriate, until:

the vulnerability is resolved; or a remediation plan or mitigation has been communicated.

HKC Security Ltd. may vary these timeframes in exceptional circumstances (including, but not limited to, the complexity or severity of the vulnerability), but will use reasonable endeavours to maintain timely communication throughout.