Information security is paramount at Globality.

We invest considerable resources to provide a safe, secure platform to our partners, customers, and employees. Our dedicated information security team is committed to protecting our systems through continuous research, implementation of cutting-edge technology, and subject-matter expertise. Our security policy is guided by Globality’s core values, code of conduct, and business ethics. It dictates how we operate anywhere, any time.

Have questions, comments, or ideas? We want to hear!

The InfoSec Team at Globality promises a prompt reply to any valid query.

Bug Bounty Program

Keeping our customers’ data secure is our top priority, and we encourage responsible reporting of any vulnerabilities that may be found in our systems or applications. Globality offers monetary rewards to software security researchers and white-hat hackers who report software vulnerabilities that have the potential to be exploited. To be eligible for a reward, bug reports must document enough information, obey all the rules (below), and never violate any of our provisos. Payment amounts are commensurate with the impact of the bug reported and will be determined by Globality on a case-by-case basis.

  • What you can and can’t do
      • You can’t access or attempt to access anyone else’s data.
      • You can’t destroy or corrupt (or attempt to) any data, system, or infrastructure component.
      • You can’t perform any attack that could harm the reliability/integrity of our services, such as DDoS or spam attacks.
      • If you find a bug, do not disclose it to anyone but us. Do not post it anywhere until we fix it.
      • You may only test for vulnerabilities on sites owned and operated by Globality.
      • You may not impact any of our users while doing your tests.
      • Nontechnical attacks (phishing, social engineering, physical attacks, etc.) are prohibited and ineligible for rewards.
      • You may not test any website forms (including lead and message forms). Such tests are automatically disqualified.
      • If you have any questions, concerns, or doubts, please contact us by submitting the form above.
  • What we will do
      • We will respond to your query/report as quickly as possible, usually within 24 hours.
      • We will update you on what we find and what we are going to do about it.
      • As long as you follow and abide by our rules, we will not engage in litigation against you.
      • If we determine that your finding is original and meaningful and has impact and if you followed all our rules, we will reward you.
  • Examples of ineligible bugs
      • Bugs that don’t affect the latest version of modern browsers or bugs related to browser extensions
      • Reports that don’t include detailed steps to reproduce the issue
      • Insecure cookie settings for nonsensitive cookies
      • Bugs relating to the disclosure of public information or information that does not present significant risk
      • Bugs that have already been submitted by another user or that we are already aware of
      • Bugs in content/services that are not owned/operated by Globality, including our third-party providers, cloud hosting services, and other vendors (unless such bugs allow access to our data)
      • Automation attacks or brute forcing of any information, including usernames and passwords
      • Session termination, password reset requests, input validation and rate limiting on any contact forms. Exposed JS or HTML files.
      • Reports about email spoofing or email flooding via web forms.
  • How to report
    • Discreetly share full details of the suspected vulnerability with us by sending an e-mail to bugbounty@globality.com.

      Include the following information:

      • A full description of the issue you discovered, including exploitation methodology and impact
      • Type of issue (cross-site scripting, buffer overflow, SQL injection, etc.)
      • Proof of concept and/or details of a URL demonstrating the issue
      • Details about any unique configuration required to reproduce the issue
  • How we reward
    • Globality will review your report and confirm that your finding is original, meaningful, impactful, and that you followed all of our rules. A Globality team member will contact you to disclose our decision and arrange payment of the monetary reward determined by the team. Our typical range of rewards is $250 to $10,000.

Whistleblower Program

Globality is committed to conducting its business in a way that is consistent with our ethics, values, and principles. Our whistleblowing program allows any interested party, including employees, vendors, contractors, consultants, and customers, to report any issues with the way in which Globality and its people do business. We use an independent external service provider to ensure that those who have genuine concerns have the confidence to raise them and are protected when they do so. Globality protects the identity of reporting individuals and will never disclose their identity to anyone without their express consent.

  • The program allows interested parties to report the following
      • Actions that may result in danger to the health and/or safety of people or damage to the environment
      • Violations of Globality’s security policies
      • Disclosing confidential and/or personal information to unauthorized parties
      • Abuse of Globality’s equipment or information systems
      • Inappropriate conduct by a manager, supervisor, or other person with authority
      • Criminal offenses, including fraud, bribery, corruption, and money laundering
      • Conflicts of interest
      • Anticompetitive behavior
      • Failure to comply with any legal obligation
      • Misuse of company assets, including unethical practices in finances, internal accounting controls, financial reporting, and auditing matters
      • Any other legal or ethical concern
      • Concealment of any of the above
  • Whistleblowing program highlights
      • Any employee, contractor, customer, or any other interested party can file a report.
      • Reports can be filed anonymously.
      • Globality will make no effort to discover the identity of the reporter.
      • Globality will never retaliate against anyone who made a report in good faith.*
      • Globality will investigate each report to the best of its ability.
      • Reports and investigation results will be shared with the executive team.

      * Unless the person making the report implicated themselves in illegal or unethical activity

Globality uses AI to improve productivity and business outcomes by automating suitable tasks and generating meaningful insights and guidance that speed up and improve sourcing outcomes. Globality deploys an internally managed and hosted service classifier as well as an externally hosted generative AI support bot. Globality takes our security and privacy obligations seriously and ensures that all AI processes are thoroughly reviewed, audited, monitored, and secure.

Globality's internal service classifier is solely hosted within our PROD environment and helps to identify service offerings and suppliers most relevant to a project. All data used to train these models are fully sanitized and anonymized prior to training to ensure any sensitive data, or PII, is removed. Globality prioritizes security and all data is fully encrypted at rest, in transit, and regularly audited for integrity.

Globality's generative AI solutions, hosted by Azure, provide support and augmentation services to users to streamline the platform experience and enhance their capabilities. Customer or platform data is never used to train the LLMs, and no data is ever stored by a third party. For more information on how Globality is using cutting-edge technology to change procurement, please reach out.

Globality AI Model Training

To use the reporting service, you may:

Any of the methods below can be used with full anonymity. Please note bug bounty requests should be submitted to  and not through our whistleblowing program.

Call

1 866-921-6714 (USA)
or 0-800-092-3586 (UK)

Visit

www.integritycounts.ca/org/globality
to file an online report.

Fax to

1 604.926.5668 (USA)

Mail to

PO Box 91880
West Vancouver BC V7V 4S4
Canada