Skip to content
Start with us
center-gradient-cover-bg
right-gradient-cover-bg
background gradient desk
Policy Documents

Vulnerability Disclosure

July 11, 2025

Share with:

SECURITY OR PRIVACY VULNERABILITY REPORTING 

If you believe you have discovered a security vulnerability or a privacy-related issue within FPT Smart Cloud’s products or services, we look forward to receiving your feedback to help build a safer cloud computing environment. 

I. Reporting Methods

FPT Smart Cloud welcomes reports from security researchers, partners, and customers. To ensure information is processed quickly, please send an email to the following addresses: 

  • Technical Security Issues: support@fpt.ai
  • Privacy & Personal Data Issues: minhpt@fpt.com (Send directly to the Data Protection Officer). 

Your report should include the following information: 

  • The affected product/service and software version. 
  • A detailed description of the observed behavior versus the expected behavior. 
  • Specific steps to reproduce the error (include illustrative videos if available). 
  • Safety Note: Please encrypt sensitive information before sending it to protect the data during transmission. 

II. Receipt and Processing Procedure

To protect our systems and customer data, FPT Smart Cloud applies the Coordinated Vulnerability Disclosure (CVD) process according to ISO/IEC 29147 standards: 

  • Acknowledgment: We will send a confirmation response acknowledging receipt of your report within 24-48 business hours. 
  • Investigation & Remediation: FPT Smart Cloud will not disclose or publicly discuss security issues until the investigation is complete and necessary updates have been widely released. 
  • Public Disclosure: We use Security Advisories to provide information about fixes and to recognize the contributions of the reporting individuals or organizations. 

III. Security Advisories & Compliance 

FPT Smart Cloud’s Security Advisories are designed to help customers maintain system safety and meet standards such as PCI DSS v4.0.1 and ISO 27001. 

  • Technical Advisories: Updates on configuration changes, patches, or potential risks that are not categorized as software vulnerabilities but affect overall information security. 
  • Recommendations: Customers should regularly monitor Technical Security Advisories and update their systems periodically to ensure data availability and integrity. 

FPT Smart Cloud is committed to maintaining the confidentiality of the reporter’s information and handling all vulnerabilities with the highest sense of responsibility.