Accruent PSIRT Policy

Overview

The Accruent PSIRT team is responsible for maintaining security standards for Accruent products. It assesses and minimizes the customer risk associated with security vulnerabilities by providing timely information, guidance and remediation for vulnerabilities in our products. The Accruent global PSIRT team manages the receipt, investigation, remediation and public reporting of information about security vulnerabilities related to Accruent products. Key responsibilities of the Accruent PSIRT team are to intake, triage, respond to and disclose externally identified vulnerabilities in Accruent products.

Reporting

Accruent welcomes reports of potential product vulnerabilities from independent researchers, industry organizations, vendors, customers and others concerned with product security.

To report a potential vulnerability, please use the Report a Potential Vulnerability form below.

Escalation Procedures

Accruent offers a clear and easily accessible reporting channel via a secure contact form on the Report a Vulnerability page. Each form submission generates a ticket which is reviewed by a member of our PSIRT team.

Reporters who submit a responsible disclosure report will receive an automatic response confirming that we have received their submission. A member of our PSIRT team will reach out to the reporter with the vulnerability verification results.

Time to remediation is determined by the vulnerability's priority level; please see Incident Classification below. An Accruent vulnerability may be publicly disclosed within the product release notes.

Vulnerability Classification

Accruent follows NIST standards available here: https://nvd.nist.gov/vuln-metrics/cvss.

PSIRT Vulnerability Management Process

The vulnerability management process is a systematic approach to identifying, assessing, prioritizing and addressing vulnerabilities within Accruent applications. It involves a series of activities aimed at reducing the risk posed by vulnerabilities and ensuring the overall security of our organization’s offered products.

Vulnerability triage steps are as follows:

  1. Intake: Receive vulnerability report and acknowledge receipt.
  2. Analysis: Identify vulnerability from internal source and verify the report. Verify the vulnerability.
  3. Feedback: Inform reporter of vulnerability verification status.
  4. Remediation: Develop and deploy remediation.
  5. Disclosure: Publish advisory within release notes. Engage in post-remediation activities.

Vulnerability Management

Accruent takes security concerns seriously and prioritizes their prompt evaluation and approach. Response timelines will depend on a number of factors, including the severity and impact, the specific product or feature affected, the current product development cycle and the technical requirements needed to properly address the concern or issue. Remediation may include any of the following actions:

  1. A new product release
  2. An Accruent security update
  3. Third-party-directed update installation or patch
  4. Other procedural approach to mitigate the vulnerability or concern

Accruent is dedicated to the prompt resolution of all potential or actual security vulnerabilities but does not guarantee any specific remediation or resolution for reported concerns.

Coordination with Stakeholders

In addition to the Accruent PSIRT team outlined above, Accruent may employ commercial incident investigation firms if necessary to properly address any given issue.

The PSIRT team communicates using tools approved for corporate use, both for widespread communication within Accruent and for engineers' project and task tracking. Accruent uses these tools to disseminate information to appropriate stakeholders.

Report a Potential Vulnerability

To report a vulnerability, please fill out the form below. We aspire to respond to researchers within 72 hours regarding the status of the potential finding. We appreciate your patience and dedication to improving the security of products at Accruent.