Skip to content

Responsible Disclosure Program

At Central Trust Company, the security of client information is our number one priority. It is our mission to continually monitor and review all of our security measures to ensure that every client is protected. We are committed to maintaining top-level security and take each potential security vulnerability very seriously.

If you believe you have identified a potential security vulnerability, please contact our Responsible Disclosure Team immediately and they will be able to assist you further.

Reporting a Security Vulnerability

If you believe you have identified a potential security vulnerability, please submit your findings to our Responsible Disclosure Team External Site Arrow. Please be sure to include a detailed summary of the potential security vulnerability that you identified. You are encouraged to include the steps it took for you to discover the vulnerability, as well as any screen captures you may have taken. Central Trust Company thanks you in advance for reporting potential security vulnerabilities.

Responsible Disclosure Guidelines

All security vulnerability reporters should submit potential finding in accordance to the following guidelines:

    1. Reporter does not engage in any activity that can potentially or actually cause harm to Central Trust Company, Central Trust Company Clients, or Central Trust Company Employees.
    2. Reporter does not engage in any activity that can potentially or actually stop, delay, or degrade Central Trust Company services or assets.
    3. Reporter does not engage in activity that violates
      1. federal or state laws or regulations or
      2. the laws or regulations of any country where
        1. data, assets, or systems reside,
        2. data traffic is routed or
        3. the researcher is conducting research activity.
    4. Reporter does not store, share, compromise, or destroy Central Trust Company client data.
    5. Reporter does not initiate in any fraudulent financial transactions.
    6. Reporter does not disclose the potentially identified security vulnerability with third parties.

Out of Scope Vulnerabilities 

Certain potential security vulnerabilities are out of scope Central Trust Company’s Responsible Disclosure Program. Those out of scope security vulnerabilities include, but are not limited to:

    1. Physical testing
    2. Social engineering
    3. Phishing
    4. Denial of service attacks
    5. Resource Exhaustion Attacks