Acrolinx Security Incident Reporting Form

This security incident reporting form is to be used to report security incidents by Acrolinx:

  • Personnel (Employees, Consultants, Contractors)
  • Vendors/Suppliers/Partners, 
  • Customers, and
  • Independent Security Researchers

All Acrolinx employees must report any security incident, regardless of role or position.

If you are reporting multiple incidents of a different nature, please fill in a form several times, one for each incident.

Select from one of the following incident types:

Minor Security Incident (submit form here)

An incident which has resulted in, or is likely to result in very limited damage. Examples:

  • Virus/Malware on user equipment (not production systems)
  • Phishing mails not executed or responded to
  • Unpatched material security vulnerability in software and devices
  • loss of ENCRYPTED company device 

Major Security Incident NOT involving client information or services (submit form here)

An incident which has resulted in, or is likely to result in, actual loss of confidentiality, integrity, or availability of business-critical information system(s) or confidential information.  Examples:

  • Ransomware
  • Phishing mail that was clicked
  • Exploited/hacked security vulnerability in software and devices
  • loss of UN-ENCRYPTED company device
  • Loss of material classified as CONFIDENTIAL or above
  • Unauthorized access to, or use of, systems, software, or office
  • Denial of Service attack

Major Security Incident involving client information or services (submit form here)

An Incident which has resulted in , or is likely to result in, actual loss of confidentiality, integrity, or availability of business-critical information system(s) or confidential information.  Use this to report a major security incident involving information systems which provide Acrolinx services which store and process customer information. Examples:

  • Virus/Malware (on production systems)
  • Ransomware (on production systems)
  • Exploited/hacked security vulnerability in software and devices  (on production systems)
  • Unauthorized access to, or use of, production systems, infrastructure, or platform
  • Denial of Service attack