OPS ONLINETHREAT LEVEL: ELEVATEDSECTOR 04 · ACTIVE WATCHUPLINK NOMINAL · 99.997%MISSION CLOCKT+ 00:00:00DOCTRINE FM-26.A

Security & Responsible Disclosure

How we handle engagement evidence, and how to report a security issue with our own systems — the same standard we hold our clients to.

Responsible disclosure

If you've found a security issue in ACS's own website or infrastructure, report it topentjk@gmail.com. Include enough detail to reproduce the issue. We'll acknowledge receipt and keep you updated as we investigate and remediate.

We ask that you avoid accessing or modifying data that isn't yours, avoid degrading service for other users, and give us reasonable time to remediate before public disclosure.

How engagement evidence is handled

Findings, credentials, and environment access provided for an engagement are handled under the confidentiality terms of the engagement agreement. Evidence is not retained beyond what the engagement and any agreed retest period require.

NDA availability

Engagements are conducted under NDA as standard practice, not an exception you have to request. An NDA can be executed before any engagement-specific detail is exchanged.

Contracting process

Engagements typically start with a scoping conversation (see Contact), followed by a written scope of work and an NDA where relevant, before any assessment or engineering work begins.