Fire and Emergency New Zealand (Fire and Emergency) takes the security and privacy of our information seriously. If you identify a security issue with our systems or environment, please tell us so that we can get it fixed.
Disclosure of system security issues
We value input from anyone in our community. Disclosure of security issues within our systems helps us to ensure the security and privacy of our information.
If you have identified a security issue within our systems, our Cyber Security team will work with you to validate and fix it.
We won’t take legal action against you, or suspend or terminate your access to Fire and Emergency services if you follow these guidelines when reporting the issue to us.
Fire and Emergency reserves all its legal rights if you do not follow the Responsible Disclosure guidelines.
Responsible Disclosure guidelines
These guidelines are designed to help both you and Fire and Emergency when you find a security issue with our systems. If you are doing security testing, please:
- Make every effort to avoid:
  - a breach of the privacy of individuals
  - anything that will slow the system down for users
  - disruption to production systems
  - destruction of data.
- Perform research only within the scope set out below
- Delete, and do not share, any Fire and Emergency confidential information or personal information you might have obtained
- Email cyber.security@fireandemergency.nz to report security issues with our systems as soon as possible after you find them
- Keep information about any security issues with our systems that you’ve discovered confidential between yourself and Fire and Emergency until we have had an opportunity to fix them.
Our Commitment to you
If you follow these Responsible Disclosure guidelines when reporting an issue to us, we commit to:
- Be as straightforward and communicative as we can with you
- Treat the information you share with us as confidential within Fire and Emergency and our suppliers, unless we must disclose it because:
  - A third party discovers the security issue within our system before we’ve had the opportunity to resolve it, or
  - The information on the security issue within our system is used to cause a privacy breach and Fire and Emergency is required to handle the breach in accordance with the Privacy Act 2020.
- Not take any legal action against you related to your research provided you follow the Responsible Disclosure guidelines, keep our information confidential, and cause no damage/disruption to Fire and Emergency services
- Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within seven days of submission)
- We may recognise your contribution with a letter of acknowledgement if you are the first to report the issue and we make a code or configuration change based on the issue.
In Scope
This policy applies to any and all security issues identified on online services operated under the following domains:
- fireandemergency.nz
- firepermit.nz
- checkitsalright.nz
- escapemyhouse.nz
- Fire.org.nz
- firehazard.nz
- firewisekids.co.nz
- nrfa.org.nz
- usar.org.nz
Other domains and online services that are clearly identified as owned and/or operated by Fire and Emergency New Zealand.
Out Of Scope
Services hosted by third-party providers or vendors are excluded from scope. Any government departments or agency providers and services are excluded from scope.
For issues that affect other government departments or agency providers, we suggest you contact NCSC NZ, who offer an anonymous reporting service for system security issues.
In the interest of the safety of our users, employees, the internet at large, and you, the following test types are excluded from scope:
- Findings from physical testing such as office access (e.g. open doors, tailgating)
- Findings derived primarily from social engineering (e.g. phishing, whaling)
- Findings from applications or systems not listed in the ‘In Scope’ section
- UI and UX bugs and spelling mistakes
- Network level Denial of Service (DoS/DDoS) weaknesses
- Destruction or corruption of (or attempts to destroy or corrupt) data or information that belongs to Fire and Emergency. This includes any information that may be relevant to you.
How do you report a security issue?
If you believe you’ve found a security issue in one of our products or platforms, please send it to us by emailing cyber.security@fireandemergency.nz. Please write the report clearly in English or Te Reo Māori, and include the following details:
- Type of security issue
- How you found the security issue
- Whether the security issue has been published or shared with others
- Affected configurations
- Exposure or possible exposure of any personal information
- Description of the location and potential impact of the security issue
- A detailed description of the steps required to reproduce the issue or risk (proof-of-concept scripts, screenshots, and compressed screen captures are all helpful to us)
- If you wish, you can provide your name/handle for recognition in our Hall of Fame.
Feedback
Please feel free to provide us with any feedback or suggestions regarding this policy. You can contact us via email at cyber.security@fireandemergency.nz.
About this policy
This information disclosure policy was written in combination with the New Zealand Internet Task Force (NZITF) coordinated disclosure guidelines and Ministry of Social Development (MSD) Responsible Disclosure guidelines.