Skip to main content
Finpliq
Start free
← Policy library

Security

Vulnerability Management Policy

How Finpliq identifies, triages, fixes and records security weaknesses.

Owner
Security & Engineering
Effective from
8 July 2026
Last reviewed
8 July 2026
Review cycle
Annual or following material change

At a glance

Security findings should be logged, prioritised and remediated based on risk.

Responsible disclosure reports are welcomed through the published disclosure route.

Full policy

Sources include dependency alerts, code review, internal testing, responsible disclosure, security scans and operational incidents.

Findings are prioritised using likelihood, impact, data sensitivity, exploitability and whether customer or HMRC-related data is affected.

Critical issues require immediate triage and mitigation. Lower-risk items should be scheduled into the release backlog with accountability.

Vulnerability fixes must be regression-tested against authentication, tenant isolation and filing workflows.