Information security risks policy

Overview

At Maha Capital Partners (“MCP”), data confidentiality, integrity and availability are a cornerstone of our business. Accordingly, the protection of information security is paramount to us and we continually monitor the adherence to our industry standards on people, process and technology.

MCP employs various security practices and measures in order to protect client data. In addition, you also play an important role in safeguarding against cyber risks which can include malware attacks, unauthorized access and fraudulent transactions.

MCP may periodically contact clients directly through email and phone but will never solicit any transactional matters by phone (other than permitted strictly by law) and, in all cases, will never request that the client provides any electronic banking credentials, bank account details nor payment details in any way or form. 

Moreover, MCP does not solicit business through cold calls or social media in any way or form.

More importantly, no member of MCP shall ever attempt to sell, offer nor propose any investment by phone or by email to any natural person, since MCP may only offer investment services to third parties and such investment services may only be provided to “business” customers and “market counterparties”. Any “retail” client who is contacted or being solicited in relation to any kind or form of investment purported to be made by (or by any person claiming to be representing or authorized to act on behalf of) MCP, is duly informed and advised that such claim is likely fraudulent, and such person must refrain from any action and must first always verify the relevant information with a duly authorized representative of MCP by using the contact details set out within this official website.

Please report all relevant emails, documents, and websites related to suspected cybersecurity, phishing, brand misuse and fraud related to Maha to

[email protected]

Security vulnerability disclosure policy

MCP acknowledges the valuable role that independent security researchers play in cyber and information security. As a result, we encourage responsible reporting of any vulnerabilities that are found in MCP’s online systems and applications (including its website).

MCP is committed to collaborate with security researchers to verify and address any potential vulnerabilities that will be reported to the company.

Please review our below-described terms before you test and/or report a vulnerability. 

MCP pledges not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as they adhere to the following terms of this policy and can evidence that their actions were solely directed in protecting MCP’s interests and/or enhancing protection of MCP’s cybersecurity risks.

While we encourage you to report to us any vulnerabilities you find in a responsible manner, the following conduct is prohibited:

  • Performing actions that may negatively affect MCP or its clients (e.g. Spam, Brute Force, Denial of Service, etc.);
  • Accessing, or attempting to access, data or information that does not belong to you;
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you;
  • Conducting any kind of physical or electronic attack on MCP personnel, property, buildings or data centers;
  • Social engineering any MCP service desk, employee or contractor;
  • Conducting vulnerability testing of participating services using anything other than your own data in order to minimize the risk to our client’s data;
  • Violating any laws or breaching any agreements in order to discover vulnerabilities.

Reporting a potential security vulnerability

  • Privately share details of the suspected vulnerability with or at MCP by sending an e-mail to: [email protected];
  • Please provide the full details of the suspected vulnerability, so that the MCP security team may validate and reproduce the issue.

The MCP security team commitment

We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the MCP security team and associated development organizations will use reasonable efforts to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report;
  • Provide an estimated time frame for addressing the vulnerability report; and
  • Notify you when the vulnerability has been fixed.

We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at MCP.

error: Content is protected