From e834e55297d16072e25486885b17afebab9578da Mon Sep 17 00:00:00 2001 From: John Collinson <13622412+johncollinson2001@users.noreply.github.com> Date: Wed, 6 May 2026 08:56:31 +0100 Subject: [PATCH] Add SECURITY.md to outline security practices and reporting procedures --- SECURITY.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..fabd00a --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,23 @@ +# Security + +We take security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems or private data managed by our systems, please do not hesitate to contact us using the method outlined below. + +## Table of Contents + +- [Security](#security) + - [Table of Contents](#table-of-contents) + - [Reporting a vulnerability](#reporting-a-vulnerability) + - [General Security Enquiries](#general-security-enquiries) + +## Reporting a vulnerability + +If you believe you have found a security issue in this repository, please report it using GitHub's private vulnerability reporting: + +1. [Report a vulnerability](https://github.com/NHSDigital/az-backup/security/advisories/new) +2. Provide details of the issue and steps to reproduce + +This creates a private channel for discussion and allows us to coordinate a fix before any public disclosure. + +## General Security Enquiries + +If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net)
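Review bot: In the last added line, under "General Security Enquiries", the link target is `cybersecurity@nhs.net` with no scheme, so a Markdown renderer resolves it as a relative link inside the repository rather than as an email address; suggest `[cybersecurity@nhs.net](mailto:cybersecurity@nhs.net)`. Separately, the opening paragraph invites reports about "any of our systems" using "the method outlined below", while the "Reporting a vulnerability" section only covers an issue "in this repository", so it is worth stating where a vulnerability outside this repository should be sent. The Table of Contents also lists itself and the top-level "Security" heading, which could be dropped for a file of this length.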