Responsible Disclosure

Responsible Disclosure
  • We pay a lot of attention to the safety and security of our information systems. However, if you find a weakness or something that could be improved, we would like you to inform us as soon as possible.

  • The National Cyber Security Center (NCSC) of the Dutch ministry of Security and Justice has issued recommendations on how to deal with the reporting and handling of security weaknesses in a responsible manner. We have adopted these recommendations, and in addition have implemented the following Responsible Disclosure guidelines:

    • Report your findings by filling out the applicable form.
    • Do not abuse the weakness (by copying, change or delete data) and do not share the information with others until the weakness is fixed.
    • All communication shall take place via Gasunie.
  • If you do find a weakness in our system or see things that could be improved, we will:

    • Respond to your report within 5 working days with our assessment and an estimated date of a solution;
    • Treat your report confidentially and not share your information with others unless we are legally obligated to do so;
    • Not take any legal action regarding the reporting person if he/she has acted in accordance with the security policy and in a proportionate manner, as specified by the NCSC, unless there has been a breach of or damage to third-party systems, other persons or personal information.
  • We may also decide to express our appreciation and / or offer public credit to the discloser. This will be decided on a case-by-case basis.