All our relevant connectable products comply with The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023. Recognising the potential for security risks in any connected product, we have established a Vulnerability Disclosure and Management Policy to address these concerns effectively.
All electriQ branded products launched after 1st January 2024 we offer a minimum of 5 years of security updates. Click Here to view the support end dates.
We encourage the responsible reporting of any security vulnerabilities in our products. This includes issues in internet-connected devices, associated mobile applications, and any service that interacts with our devices. Reports can be submitted via our designated PSTI email address (TiSecurity@BuyItDirect.co.uk ).
When reporting a vulnerability we ask that you:
We aim to acknowledge receipt of all vulnerability reports as soon as possible, but no later than 5 working days from its submission. We will then work closely with the reporter to understand the nature of the issue identified, and once confirmed develop a plan for its resolution.
We aim to resolve any reported vulnerabilities within 90 days from the acknowledgment of the report. This includes deploying updates to affected products and implementing measures to mitigate the risk of future vulnerabilities. In cases where immediate resolution is not feasible, we will take appropriate temporary measures to mitigate the risks posed by the vulnerability to our customers and their data.