Temoche ConsultingTemoche Consulting
ESEN
Let's talk

Information Security Statement

Temoche Consulting maintains an internal information-security program aligned to ISO/IEC 27001:2022 and applicable Peruvian regulation (Ley 29733 and its Regulation; Information Security Directive, Directorial Resolution 019-2013-JUS/DGPDP). The statement below describes our public commitments and channels.

Scope

This statement applies to Temoche Consulting's own infrastructure (website, internal collaboration tooling, working repositories) and to the engagement lifecycle when Temoche Consulting acts as data processor on behalf of a client.

Public commitments

This website: security posture

The public website is statically hosted on an edge platform with security hardening: HTTPS-only, modern security headers (including a strict Content Security Policy), origin isolation, and disabling of browser capabilities we do not use. The specific configuration is kept private and reviewed periodically.

Responsible disclosure

We accept reports of security vulnerabilities affecting our public infrastructure. Please report findings privately to legal@temocheconsulting.com with the subject line "Security · Responsible Disclosure" and a brief description of the issue.

Please do not exploit findings beyond what is strictly necessary to demonstrate the vulnerability. We do not currently operate a bug-bounty program; recognition is offered upon request and never includes monetary reward unless a formal program is announced.

Machine-readable channel

A machine-readable security contact file is published per RFC 9116 at /.well-known/security.txt.

Out of scope

For clients under active engagement

Detailed security architecture, incident-response playbook, audit trails and insurance certificates are shared under NDA during the proposal phase. The Information Security Policy applicable to a specific engagement is referenced in the Statement of Work.