UK Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023

Overview

This policy outlines the steps and responsibilities for ensuring compliance with the UK Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023. This includes ensuring security updates, managing vulnerability reports, and maintaining communication with stakeholders regarding security issues for our products.

1. Minimum Security Update Periods

All products must have clearly defined security update periods to ensure continued protection against vulnerabilities. The minimum security update periods for our products are as follows:

  • Product: Pure One
    • Date of First Availability in the UK: May 2023
    • End of Support Date: December 2027
  • Product: Pure Touch
    • Date of First Availability in the UK: October 2019
    • End of Support Date: December 2026
  • Product: Pure V1
    • Date of First Availability in the UK: January 2017
    • End of Support Date: December 2026
  • Product: Pure V2
    • Date of First Availability in the UK: October 2018
    • End of Support Date: December 2026

2. Vulnerability Reporting

To ensure timely identification and resolution of security issues, the following process must be followed:

  • Submission of Vulnerability Reports:
  • Acknowledgement of Reports:
    • An acknowledgement of a reported security issue will be sent to the reporter within 5 business days of receiving the report.
  • Status Updates:
    • Status updates will be provided to the reporter until the resolution of the reported security issue.
  • Resolution Timeline:
    • Reported security issues will be resolved within 30 business days from the date of acknowledgement.

3. Responsibilities

  • Product Security Team:
    • Ensure security updates are developed and released according to the defined update periods.
    • Manage the vulnerability reporting process, including timely acknowledgements and resolution of issues.
    • Maintain records of all reported vulnerabilities and the actions taken to resolve them.
  • Customer Support Team:
    • Communicate with customers and stakeholders regarding security updates and end-of-support dates.
    • Provide assistance to customers in submitting vulnerability reports.
  • Compliance Team:
    • Monitor compliance with the UK Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
    • Conduct regular audits to ensure all processes and timelines are adhered to.

4. Communication and Documentation

  • Security Update Notices:
    • Regular notices will be provided to customers informing them of upcoming security updates and the end-of-support date for their products.
  • Policy Review:
    • This policy will be reviewed annually to ensure it remains up to date with regulatory requirements and industry best practices.

5. Contact Information

  • For any inquiries related to product security and compliance with the regulations, please contact our support team at info@roadangelgroup.com.

By adhering to this policy, we aim to ensure the security and integrity of our products, while maintaining transparency and trust with our customers and stakeholders.