Legal Resources Trust and Safety Security and Compliance
Brightspeed is committed to continuously striving to implement world-class security and risk management programs to protect our brand, people, shareholders and data, and to enable solutions by maintaining security processes and industry accepted standards, regulations and certifications that protect our customers, products and data. We are a trusted partner and advisor with a risk-based focus to support business growth while consistently exceeding our customer needs and expectations.
Brightspeed maintains a suite of the latest industry standards that ensures compliance and security are built into all of the products and services Brightspeed has to offer. Brightspeed trains and provides core security awareness that encourages our employees to recognize and defend against any Brightspeed cybersecurity risks.
By implementing operational best security practices, administrative security, framework, risk management and knowledge management practices, Brightspeed has developed an effective overall cybersecurity program for security, privacy and compliance. Brightspeed focuses on all aspects of security operations automation, vendor risk management, remote workforce risk management and an insider threat program. Brightspeed is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business Continuity Management program supports an environment of prevention, collaboration, communication, response and recovery, ultimately ensuring our ability to serve customers, shareholders and employees in the face of disruptive events.
Brightspeed knows that maintaining proper security and compliance programs is critical to supporting and protecting our customers’ data and meeting their compliance requirements. We partner with external auditors to perform an assortment of annual assessments that meet industry and regulatory requirements. Brightspeed provides our customers with confidence in our security through attestations and certifications that meet stringent security and regulatory requirements.
Brightspeed greatly appreciates you informing us about security issues you discover. We take vulnerability disclosures very seriously and have an official Vulnerability Disclosure Program managed by HackerOne. We work with security researchers in good faith to secure Brightspeed’s systems. Because Brightspeed is an ISP and cloud provider, it can be difficult to distinguish between Brightspeed owned addresses and our millions of public IP addresses that we have allocated to customers. Though we develop and maintain other internet-accessible systems and services, we ask that active research and testing only be conducted on Brightspeed systems (including those of its affiliate companies such as CenturyLink and Quantum Fiber).
We ask the following of you when conducting vulnerability research and submitting vulnerabilities to Brightspeed:
Do not engage in any of the following activities:
This Policy and the Vulnerability Disclosure Program administered by HackerOne is subject to change or cancellation at any time without notice. This Policy is for informational purposes only and it does not create any binding obligation on Brightspeed or any legal relationship between Brightspeed and anyone who submits a vulnerability.
Please read the details of our VDP program on https://hackerone.com/brightspeed?type=team.