This Customer Terms of Service Agreement (“Agreement”) constitutes a legal agreement between the “Customer” (either as an individual person or as an authorized representative of an academic, business or governmental entity) and Helpster Company Limited, a Thai company whose principal address is 45/1 Soi Saphan Khu, Khwaeng Thung Maha Mek, Khet Sathon, Bangkok 10120, Thailand.
This Agreement is a contract that sets out the legally binding terms of the relationship between Helpster and Customer. By using the Application or the Helpster Application in connection with the Service, Customer represents that (1) Customer has read, understands, and agrees to be bound by this agreement, and (2) the signatory has the authority to enter into this agreement personally or on behalf of the company you have named as the Customer, and to bind that company to these terms.
Customer agrees and understands that certain features of the Application may be subject to additional terms and conditions or registration requirements. Customer agrees to abide by these additional terms and further agrees that a violation of those terms shall constitute a breach of this Agreement. Helpster reserves the right to change this Agreement, and any additional terms at any time, by notifying Customer directly.
THE CUSTOMER ACKNOWLEDGES AND AGREES THAT HELPSTER IS A TECHNOLOGY SERVICES PROVIDER THAT CONNECTS INDIVIDUALS AND BUSINESSES TO INDEPENDENT CONTRACTORS.
1.1. “Deliverables” means the deliverables specified in a Job Request for delivery by a Helpster Partner to Customer.
1.2. “Job Offer” means a notice provided by Helpster to one or more Helpster Partners which includes a description of the job to be provided by the workers and the associated deliverables, the date by which the Job Request must be completed and the payment rate for the Helpster Partner who performs the Job Request.
1.3. “Service Fee” means an additional charge to compensate Helpster for creating, hosting, administering and providing the application.
1.4. “Job Request” means a request for service or work by Customer which includes a description of the deliverables for which you wish to hire Helpster to solicit workers. Once the parties have been matched and have agreed upon the terms of a Job Request pursuant to Section 2, the Job Request will become a “Job Agreement”.
1.5. “Helpster Application” or the “Application” means the software used by Helpster in connection with the Service.
1.6. “Helpster Partner” is an individual worker who partners with Helpster to receive and perform jobs.
2. Helpster Services
2.1. Helpster, an internet and mobile application owned and operated by Helpster.
2.2. Helpster provides a service that allows its customers to connect with Helpster’s network of geographically distributed workers to obtain service providers for various short-term assignments.
3. Helpster Responsibilities
3.1. Helpster connects the customer directly with qualified independent contract workers who have made themselves available for work through the Helpster platform.
3.2. Helpster makes the best effort to ensure the workers are of the highest quality and experience level, through our comprehensive onboarding process including testing and face-to-face interviews.
3.3. If notified by Customer in advance, Helpster will inform all Partners assigned to the Customer of any Customer specific rules and regulations before they commence the work.
3.4. Helpster sources Partners and takes care of all payroll and administrative processes.
3.5. Helpster will source replacement Partners in the case of absenteeism during the Job Agreement period.
3.6. Helpster will manage all communication with Partners regarding payment. Customer is not to address payment / rates directly with the workers.
3.7. Helpster will handle termination, replacement and relocation of Partners when required.
3.8. Helpster will ensure all Partners pass criminal background checks.
Customer may from time to time submit a Job Request to Helpster via the Application. We can accept or reject each Job Request. Alternatively, we may contact Customer to obtain more information about the Job Request and then we may provide a modified version of the Job Request, in which case Customer must accept such modified Job Request before we will proceed.
5.1. Customer acknowledges that all the intellectual property rights in the Application, the Service, the Helpster Application, and any metadata or other information generated or submitted to Helpster by a Helpster Partner in the course of performing a Helpster Job Agreement are owned by Helpster or Helpster’s licensors or suppliers. Customer shall not obtain, by this Agreement, any right, title or interest in the trademarks of Helpster or Helpster’s licensors, affiliates or suppliers, nor shall this Agreement give Customer the right to use, refer to, or incorporate in marketing or other materials the name, logos, trademarks or copyrights of Helpster or Helpster’s licensors, affiliates or suppliers. Customer agrees not to (a) reproduce, modify, publish, transmit, distribute, publicly perform or display, sell, or create derivative works based on the Helpster IP, or (b) rent, lease, loan, or sell access to the Helpster IP.
5.2. Customer hereby grants to Helpster a royalty-free, worldwide, transferable, irrevocable, perpetual license to use, reproduce, modify, or incorporate into the Helpster IP, and otherwise fully exploit, any suggestions, enhancement requests, recommendations or other feedback provided by Customer related to the Helpster IP.
As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. However,
6.1. Confidential Information shall not include any information that (a) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (c) is received from a third party without breach of any obligation owed to the Disclosing Party, or (d) was independently developed by the Receiving Party without access to, or use of, the Disclosing Party’s Confidential Information.
6.2. Except as otherwise permitted in writing by the Disclosing Party, the Receiving Party shall use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) and shall not disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and the Receiving Party shall only disclose the Confidential Information of the Disclosing Party to those of the Receiving Party’s employees, contractors and agents who need such access to perform obligations or exercise rights under this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.
6.3. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent such disclosure is compelled by law, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.
6.4. Notwithstanding the foregoing, Customer acknowledges and agrees that some of the information that it provides in Job Agreements will be sent to Helpster Partners who will need this information to respond to requests to perform one or more Helpster Job Requests. By submitting a Job Request, Customer is requesting, and expressly consents to have details of the Job Agreement sent to Helpster Partners that Helpster deems qualified to perform the Helpster Job Requests. Customer agrees that all information that Customer provides will be accurate, current and truthful to the best of its knowledge.
THE SERVICE AND THE DELIVERABLES ARE PROVIDED “AS-IS” AND “AS-AVAILABLE.” HELPSTER EXPRESSLY DISCLAIMS ANY WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, ACCURACY, OR NON-INFRINGEMENT. HELPSTER MAKES NO WARRANTY THAT (A) THE SERVICE OR DELIVERABLES WILL MEET CUSTOMER’S REQUIREMENTS; (B) THE SERVICE WILL BE AVAILABLE ON AN UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE BASIS; OR (C) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICE OR DELIVERABLES WILL BE ACCURATE OR RELIABLE. HELPSTER DOES NOT AND CANNOT GUARANTEE A MATCH BETWEEN EACH HELPSTER JOB REQUEST AND A HELPSTER PARTNER OR THAT THERE ARE HELPSTER PARTNERS IN EACH GEOGRAPHIC AREA REQUESTED BY CUSTOMER WHO ARE WILLING TO FULFILL THE HELPSTER JOB REQUEST AT THE TIME AND PLACE REQUESTED. CUSTOMER ACKNOWLEDGES AND AGREES THAT HELPSTER HAS NO LIABILITY FOR THE ACTION, OR INACTION, OF ANY HELPSTER PARTNER AND THAT THERE IS NO EMPLOYMENT, JOINT VENTURE, OR AGENCY RELATIONSHIP BETWEEN HELPSTER AND THE HELPSTER PARTNERS. HELPSTER DOES NOT GUARANTEE OR WARRANT THE HELPSTER PARTNERS’ PERFORMANCE OF THE HELPSTER AGREEMENT REQUESTS OR THE OUTCOME OR QUALITY OF THE DELIVERABLES PROVIDED.
8. Limitation of liability
IN NO EVENT SHALL HELPSTER BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOST PROFITS OR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES ARISING FROM CUSTOMER’S USE OF THE HELPSTER IP OR THE DELIVERABLES, EVEN IF HELPSTER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, HELPSTER’S LIABILITY TO CUSTOMER FOR ANY DAMAGES ARISING FROM OR RELATED TO CUSTOMER’S USE OF THE HELPSTER IP OR THE DELIVERABLES (FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF ACTION) WILL AT ALL TIMES BE LIMITED TO THE FEES CUSTOMER PAID TO HELPSTER.
9. Relationships between Helpster, Helpster Partners and You
Customer acknowledges that the relationship between Helpster and the Helpster Partners is that of independent contracting parties. The Parties expressly agree that no employment contract of any kind – direct, implied or otherwise – exists between Helpster and the Helpster Partners.
The Parties expressly agree that no joint venture, partnership, employment, or agency agreement exists between them as a result of this Agreement or any use of the Application.
10.1. This Agreement or any claim, cause of action or dispute (“Claim”) arising out of or related to this Agreement shall be governed by the laws of Singapore regardless of your country of origin or where you access Helpster, and notwithstanding any conflicts of law principles.
Before filing a Claim for arbitration or otherwise seeking relief in a court of law, you agree to first inform Helpster (firstname.lastname@example.org) of your complaint and seek resolution. This notice of dispute must include: your name, relevant account information, a brief description of your dispute, and contact information, so that Helpster may evaluate the dispute and attempt to informally resolve same. Helpster will have 60 days from the date of your original complaint to informally resolve the dispute, which if successful will avoid the need for further action.
10.3. Arbitration Procedures. In the unlikely event that you and Helpster end up in a legal dispute and have not been able to resolve it within 60 days of your original informal claim, you and Helpster agree to the following:
All Claims (excluding claims for injunctive or other equitable relief) must be resolved through binding arbitration before an. Any disputes as to the applicable rules and procedures shall be resolved by the arbitrator.
The party wishing to initiate arbitration must submit a written demand for arbitration. If you initiate a Claim, you will submit the demand by certified mail to Helpster. If Helpster initiates a claim, Helpster will serve a demand for arbitration upon you by email to the email address on file with Helpster, and may send a copy by certified mail to your last known address (or to another address specified by you in your notice of dispute of your informal claim). You agree to service of process in that manner. Any demand for arbitration by either party shall identify the parties to the dispute, describe the legal and factual basis of the dispute, and specifically state the remedy being sought.
10.4 Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will be unimpaired and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law.
10.5. This Agreement and your rights and obligations under this Agreement may not be assigned, delegated, or otherwise transferred, in whole or in part, by operation of law or otherwise, by you without Helpster’s express prior written consent. Any attempted assignment, delegation or transfer in violation of the foregoing will be null and void. Helpster may assign this Agreement or any of its rights under this Agreement to any third party with or without your written consent.
10.6. Helpster may give any notice required by this Agreement by means of a general notice on the Application, electronic mail to your email address on record with Helpster, or by written communication sent by first class mail or pre-paid post to your address on record with Helpster.
10.7. All waivers must be in writing and signed by the party to be charged. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
10.8. This Agreement is the final, complete and exclusive agreement of the parties with respect to the subject matter hereof and supersedes and merges all prior or contemporaneous communications and understandings between the parties. Except as permitted herein, no modification or amendment to this Agreement will be effective unless in writing and signed by the party to be charged. However, to the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any Job Agreement, the terms of this Agreement shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in any purchase order or other order documentation (excluding Job Agreements) shall be incorporated into or form any part of this Agreement, and all such terms and conditions shall be null and void.
10.9. Helpster reserves the right at any time to modify or discontinue, temporarily or permanently, the Application or the Service (or any part thereof) with notice. You agree that Helpster shall not be liable to you or to any third party for any modification, suspension or discontinuance of the Application or the Service.
11.1. Termination Without Cause. Either party may terminate this Agreement without cause, effective immediately upon notice to the other party, at any time when there are no outstanding Job Agreements or unpaid balances due hereunder.
11.2. Surviving Provisions. Sections 5 (“Fees and Payment”), 8 (“IP Ownership”), 9 (“Confidentiality”), 10 (“Disclaimers”), 11 (“Limitation of Liability”), and 13 (“Miscellaneous”) shall survive any termination of this Agreement.
12. Contacting Helpster
If you wish to report a violation of the Customer Agreement, have any questions or need assistance, please contact Customer Support at email@example.com
Helpster Company Limited
45/1 Soi Saphan Khu, Khwaeng Thung Maha Mek,
Khet Sathon, Bangkok 10120, Thailand
Phone: +662 109 7910
2. Scope and Application
This Privacy Statement (“Statement”) applies to persons anywhere in the world who use our apps, websites, platforms, and technologies to request Helpster Services.
3. Information We Collect
When you interact with us through the Services, we collect information about you in the following general categories:
3.1. Location Information: As a condition of providing Users with transportation, delivery, or other services via the Helpster platform, your precise location data must be provided to Helpster via the app that you use. Once the Helpster app has permission to access location services through the permission system used by your mobile operating system (“platform”), we will collect the precise location of your device when the app is running in the foreground or background. We may also derive your approximate location from your IP address.
3.2. Contacts Information: If you permit the Helpster app to access the address book on your device via the permission system used by your platform, we may access and store names and contact information from your address book to facilitate social interactions through our Services and for other purposes described in this Statement or at the time of consent or collection.
3.3. Transaction Information: We collect transaction details related to the transportation (or other) services you provide through our platform, including the type of service provided, date and time the service was provided, amount charged, distance traveled, and other related transaction details. Additionally, if someone uses your promo code, we may associate your name with that person.
3.5. Device Information: We may collect information about your mobile device (whether your own device or a device we provide you), including, for example, the hardware model, operating system and version, software and file names and versions, preferred language, unique device identifier, advertising identifiers, serial number, device motion information, and mobile network information.
3.6. Call and SMS Data: Our Services facilitate communications between Users and Workers. In connection with facilitating this service, we receive call data, including the date and time of the call or SMS message, the parties’ phone numbers, and the content of the SMS message.
3.7. Log Information: When you interact with the Services, we collect server logs, which may include information like device IP address, access dates and times, app features or pages viewed, app crashes and other system activity, type of browser, and the third-party site or service you were using before interacting with our Services. Any other personal information which you give us in connection with the Services.
3.8. Non-Identifiable Data: When you interact with Helpster through the Services, we receive and store certain information which does not identify you personally. Such information is collected passively using various technologies.
4. Use of Information
By providing us with the information about you discussed above, you consent for us and our subsidiaries and affiliates (the "Helpster Related Companies") to use that information in the following ways:
4.1. To maintain, and improve our Services, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information), develop new features, provide customer support to Users and Workers, develop safety features, authenticate users, and send product updates and administrative messages.
4.2. To perform internal operations, including, for example, to prevent fraud and abuse of our Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends.
4.3. To implement and monitor any Helpster bookings which you make using our Services;
4.4. To share your Personal Data with Helpster professionals in order to carry out your Helpster bookings using our Services;
4.5. To ensure that content from our Services is presented in the most effective manner for you and for your computer or other device from which you access the Services;
4.6. To provide you with information, products or services that you request from us or which we feel may interest you;
4.7. To carry out our obligations arising from any contracts between you and us;
4.8. To allow you to participate in interactive features of our Services, when you choose to do so;
4.9. To notify you about changes to our Services;
4.10. To improve or modify the Services, for example based on how you use our Services;
4.11. To calculate conversion rates and other elements of Services' performance; and
4.12. For marketing purposes (which we discuss further below).
4.13. To personalize and improve the Services, including to provide or recommend features, content, social connections, referrals, and advertisements.
5. Sharing of Information
Helpster is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties, as set out below:
5.1. With Users in connection with their request for services. For instance we may share your name, personal photo, job profile, precise or approximate location, average rating provided by Users, and certain contact information (depending upon your location and applicable laws). After you have provided the requested services, we will send the User a receipt via e-mail or other means which may include the breakdown of amounts charged, your name, contact information, photo, job details, and other transaction details.
5.2. With other people, as directed by you, in connection with a particular service, offering or promotion; or with third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us.
5.3. With Workers to enable them to provide the Services you request.
5.4. With the general public if you submit content in a public forum, such as blog comments, social media posts, or other features of our Services that are viewable by the general public.
5.5. With third parties with whom you choose to let us share information, for example other apps or websites that integrate with our API or Services, or those with an API or Service with which we integrate.
5.6. With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us.
5.7. Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
5.10. Legal Requirements: Helpster may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Helpster, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
5.12. Marketing and advertising: Helpster and its affiliates may use Personal Data to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each communication we send you will contain instructions permitting you to "opt-out" of receiving future communications. In addition, if at any time you wish not to receive any future communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below.
5.13. The Services may integrate with social sharing features and other related tools which let you share actions you take on our Services with other apps, sites, or media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the social sharing service. Please refer to the privacy policies of those social sharing services for more information about how they handle the data you provide to or share through them.
5.14. With law enforcement officials, government authorities, or other third parties if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, or safety of Helpster.
5.15. In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
We do not disclose personal information about identifiable individuals to advertisers, but we may provide them with aggregate and/or anonymised information about our users to help advertisers reach the kind of audience they want to target. We may make use of the information we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
6. Your Choices
6.1. You can visit the Services without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain Helpster Services.
6.2. Account Details. You may correct your account information at any time by logging into your online or in-app account. If you wish to cancel your account, please email us at firstname.lastname@example.org. Please note that in some cases we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law.
6.3. Access Rights. Helpster will comply with individuals’ requests regarding access, correction, and/or deletion of the personal data it stores in accordance with applicable law.
6.4. Location Details. We request permission for our app’s collection of precise location from your device (whether your own device or one we provide) per the permission system used by your mobile operating system. If you initially permit the collection of this information, you can later disable it by changing the location settings on your mobile device. However, you will not be able to provide services on the Helpster App if you disable our collection of precise location data. Additionally, disabling our collection of precise location from your device will not limit our ability to derive approximate location from your IP address.
6.5. Contact Details. We may also seek permission for our app’s collection and syncing of contact information from your device per the permission system used by your mobile operating system. If you initially permit the collection of this information, iOS users can later disable it by changing the contacts settings on your mobile device. The Android platform does not provide such a setting.
6.6. Promotions and News Alerts. You may opt out of receiving promotional messages from us by following the instructions in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.
7. Links to Other Web Sites
Helpster takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free; any transmission is at your own risk. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Data to Helpster via the Internet. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Registered Helpster users will have an account name and password which enables you to access certain parts of our Services. You are responsible for keeping them confidential. Please don't share them with anyone.
9. Other Terms and Conditions
11. Contacting Helpster
1. Cookies Overview
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. A web beacon is a line of code which is used by a website or less frequently a third party ad server to measure a user’s activity, such as interaction with an advert or purchase of a product. A web beacon is often invisible because it is only 1 x 1 pixel in size with no colour. A web beacon can also be known as a web bug, 1 by 1 GIF, invisible GIF and tracker GIF.
2.1. To measure users’ behaviour to better develop our apps. By using analytics services provided by Google Analytics we can analyse which pages are viewed and for how long and which links are followed, so that we can provide more content which is of interest. We also use this analysis to report on our performance and we may use it to sell advertising. If you purchase any of our apps, we’ll also monitor which apps you’ve accessed.
2.3. To understand, improve, and research products and Services, including when you access the Uber website and related websites and apps from a computer or mobile device.
2.4. To authenticate users. These cookies (including local storage and similar technologies) tell us when you’re logged in, so we can show you the appropriate experience and features such as your account information, trip history, and to edit your account settings.
2.5. For security purposes. We use these cookies to support or enable security features to help keep Helpster safe and secure.
2.6. For localization services. These allow Helpster to provide a localized experience.
The information generated by the cookie about your use of our apps (including your IP address) will be transmitted to and stored on servers owned or maintained by or on behalf of our service providers worldwide. They may also transfer this information to third parties where required to do so by law, or where such third parties process the information on their behalf. By using this website, you consent to the processing of data about you by those service providers in the manner and for the purposes set out above.
3. Your Choices
4. Contacting Helpster
Please also feel free to contact us if you have any questions about Helpster's. You may contact us as follows: Company: Helpster Company Limited Address: 45/1 Soi Saphan Khu, Khwaeng Thung Maha Mek, Khet Sathon, Bangkok 10120, Thailand Phone: +662 109 7910 Email: support@Helpster.co.th
Web application vulnerabilities account for the largest portion of attack vectors outside of malware. It is crucial that any web application be assessed for vulnerabilities and any vulnerabilities be remediated prior to production deployment.
The purpose of this policy is to define web application security assessments within Helpster. Application assessments are performed to identify potential or realized weaknesses as a result of inadvertent mis-configuration, weak authentication, insufficient error handling, sensitive information leakage, etc. Discovery and subsequent mitigation of these issues will limit the attack surface of <Company Name> services available both internally and externally as well as satisfy compliance with any relevant policies in place.
This policy covers all web application security assessments requested by any individual, group or department for the purposes of maintaining the security posture, compliance, risk management, and change control of technologies in use at Helpster. All web application security assessments will be performed by delegated security personnel either employed or contracted by Helpster. All findings are considered confidential and are to be distributed to persons on a “need to know” basis. Distribution of any findings outside of Helpster is strictly prohibited unless approved by the Chief Information Officer. Any relationships within multi-tiered applications found during the scoping phase will be included in the assessment unless explicitly limited. Limitations and subsequent justification will be documented prior to the start of the assessment.
4.1. Web applications are subject to security assessments based on the following criteria:
- New or Major Application Release – will be subject to a full assessment prior to approval of the change control documentation and/or release into the live environment.
- Third Party or Acquired Web Application – will be subject to full assessment after which it will be bound to policy requirements.
- Point Releases – will be subject to an appropriate assessment level based on the risk of the changes in the application functionality and/or architecture.
- Patch Releases – will be subject to an appropriate assessment level based on the risk of the changes to the application functionality and/or architecture.
- Emergency Releases – An emergency release will be allowed to forgo security assessments and carry the assumed risk until such time that a proper assessment can be carried out. Emergency releases will be designated as such by the Chief Information Officer or an appropriate manager who has been delegated this authority.
4.2. All security issues that are discovered during assessments must be mitigated based upon the following risk levels.
- High – Any high risk issue must be fixed immediately or other mitigation strategies must be put in place to limit exposure before deployment. Applications with high risk issues are subject to being taken off-line or denied release into the live environment.
- Medium – Medium risk issues should be reviewed to determine what is required to mitigate and scheduled accordingly. Applications with medium risk issues may be taken off-line or denied release into the live environment based on the number of issues and if multiple issues increase the risk to an unacceptable level. Issues should be fixed in a patch/point release unless other mitigation strategies will limit exposure.
- Low – Issue should be reviewed to determine what is required to correct the issue and scheduled accordingly.
4.3. The following security assessment levels shall be established by the Helpster organization or other designated organization that will be performing the assessments.
- Full – A full assessment is comprised of tests for all known web application vulnerabilities using both automated and manual tools. A full assessment will use manual penetration testing techniques to validate discovered vulnerabilities to determine the overall risk of any and all discovered.
- Quick – A quick assessment will consist of a (typically) automated scan of an application for web application security risks at a minimum.
- Targeted – A targeted assessment is performed to verify vulnerability remediation changes or new application functionality.
5. Policy Compliance
5.1. Compliance Measurement. The team will verify compliance to this policy through various methods, including but not limited to, periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.
5.2. Exceptions. Any exception to the policy must be approved by the team in advance.
5.3. Non-Compliance. An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
5.4. Web application assessments are a requirement of the change control process and are required to adhere to this policy unless found to be exempt. All application releases must pass through the change control process. Any web applications that do not adhere to this policy may be taken offline until such time that a formal assessment can be performed at the discretion of the Chief Information Officer.
6. Contacting Helpster
You may contact us as follows: Company: Helpster Company Limited Address: 45/1 Soi Saphan Khu, Khwaeng Thung Maha Mek, Khet Sathon, Bangkok 10120, Thailand Phone: +662 109 7910 Email: support@Helpster.co.th