The website of a.s.r. uses cookies. We always place cookies, for example to make the website work properly and to be able to analyze the website completely anonymously. In addition, we place cookies that are not necessary, but are useful. With this you can give feedback or share our information on social media. Or to be able to show relevant advertisements on third-party websites. These cookies may collect data outside of our website. By clicking on 'Agree' you agree to the placing of these cookies. If you want to indicate which cookies you give permission for click on 'Change my settings'. Learn more? Read our cookie policy.
It looks like you are using an ad blocker. Because of this you are unable to choose which cookies we can place. Therefore we will only place functional cookies.
At a.s.r., we consider the security of our systems to be very important. Despite our care for the security of our systems, it can happen that there is still a weak spot. If you notice a weak spot in one of our systems, please let us know immediately. Then we can take measures as soon as possible.
In this way, together we can improve the security and reliability of our systems. Report a possible weak spot via our central reporting centre safe internet desk. This reporting centre is not an invitation to actively discover weak spots. a.s.r. actively monitors its own company network for security incidents.
The Computer Emergency Response Team (CERT) is a specialised team of ICT professionals that is able to act quickly in the event of security incidents and the prevention of security incidents.
Almost every day, we improve the quality and security of our online service so that our customer and company data are protected against misuse. We also ensure as a result that the security and availability of our service are guaranteed. Despite all our care and efforts, situations may arise in which there is a weak spot in our security.
If you do find any vulnerabilities, please report these. We would like to hear from you as soon as possible. Examples of vulnerabilities you may report are:
When investigating the vulnerability found, make sure you preserve the softwareand do not make any changes. After all, changes may result inerrors and as a result damage to our services.Under no circumstances may your investigation:
Anyone who discovers a possible weakness in a.s.r.'s online services and/or underlying information systems may report.
If you have found a vulnerability, please contact our central reporting centre safe internet desk as soon as possible. Encrypt your findings with our PGP key (fingerprint) to prevent the information from falling into the wrong hands.
We ensure that you will receive a response within the timelines of our procedures. A condition is that you use a valid and working email address when entering the report. For each vulnerability, one report is accepted (the first reporter).
Describe the problem found in as concrete and specific a manner as possible:
We can only process reports that are submitted in Dutch and English. The provision of a solution is encouraged.
A team of (security) experts will investigate your report and contact you as soon as possible. We will try to do this within five working days.
Please do not make the problem public, but give us time to resolve the problem. We will let you know what we think of your report, if and what solution we are going to apply and when we will do this. We also ask you not to share the problem with others and to immediately remove all possible data obtained from the found vulnerability.
It is not possible to rule out legal action against persons reporting in advance. We consider ourselves morally obliged to file a report when we suspect that the weak spot or vulnerability is being abused, or that you have shared knowledge about the weak spot with others. Therefore, please follow the rules as set out below and do not act in a disproportionate manner:
The digital vulnerability reporting centre is not meant for:
We ask you to provide us with contact details for the course of the procedure (unless you have made a report anonymously). We will not disclose your identity to third parties without your consent and will not use your data for purposes other than to provide an appropriate follow-up to your report. An exception occurs when competent authorities request information from us. This will be complied with without your prior consent.