blue background

Cyber Security

Our Commitment

Otis is committed to the cyber security of our products, services, and technology. We investigate all credible reports of security vulnerabilities affecting our products, services, or technology.

For correspondence unrelated to security vulnerabilities, please use our Contact Us page.

 

Your personal data, including first name, last name, email address, and phone number, will be collected, processed, and used by Otis to acknowledge your submission, to evaluate and/or investigate the issue(s) you have raised, to take appropriate action, and/or contact you for additional information. We will use your personal data as needed to address the concerns raised by you in your submission. We will not sell your personal data or make any secondary use of your personal data submitted here in other than an anonymized or aggregated manner. OTIS personnel and its service providers will have access to your submission (including your personal data). For purposes of this consent “personal data” shall be defined as any data that relates to an identified or identifiable natural person. OTIS operates globally, and your data may be transferred across borders including to the United States of America.

 

If you have questions about our use of your personal information or if you wish to modify or revoke this consent for us to use your personal information, please contact Otis by emailing privacy@otis.com.

Vulnerability Reporting

If you believe you have found a security vulnerability in one of our products or services, please send an email to productsecurity@otis.com with enough information to help us better understand the nature and scope of the potential issue.

Any information is helpful, but we would like to know the following:

  • Product or service and software/hardware version if known;
  • Instructions and proof-of-concept code to reproduce the issue; and
  • Any information regarding the use case scenario and any safeguards already in place
  • We encourage the use of our PGP key to send the information in an encrypted manner. Please access our PGP key here.

If you do not have access to an encrypted email application that can use PGP keys, please send us your contact information and someone from our incident response team will contact you. Please do not transmit sensitive information in plain text to the email address provided above.

You should receive a confirmation of our receipt of your email or similar response within 48 hours. Our response will include additional information to enable secure communication. Please follow up with us if you have not received a response within this time frame.

Please use our Contact us section for correspondence unrelated to security vulnerabilities.

Vulnerability Reporting

If you believe you have found a security vulnerability in one of our products or services, please send an email to productsecurity@otis.com with enough information to help us better understand the nature and scope of the potential issue.

Any information is helpful, but we would like to know the following:

  • Product or service and software/hardware version if known;
  • Type of issue and the potential impact it may cause;
  • Instructions and proof-of-concept code to reproduce the issue; and
  • Any information regarding the use case scenario and any safeguards already in place.

We encourage the use of our PGP key to send the information in an encrypted manner. Please access our PGP key here.

If you do not have access to an encrypted email application that can use PGP keys, please send us your contact information and someone from our incident response team will contact you. Please do not transmit sensitive information in plain text to the email address provided above.

You should receive a confirmation of our receipt of your email or similar response within 48 hours. Our response will include additional information to enable secure communication. Please follow up with us if you have not received a response within this time frame.