2. Home
  3. Support
  4. Product Security
  5. Product Security Policy

Delta IBT (Europe) Product Security Policy

Scope of Policy

This policy applies to all aspects of Delta IBT (Europe) products under the LOYTEC brand, including the development, deployment, and maintenance of our building automation devices and management systems. It covers the security of our products, the protection of building data, and the protocols for responding to security incidents.

Our security objectives are:

  • Protection of the confidentiality, integrity, and availability of our products and services.
  • Ensuring the privacy and security of our customers’ data.
  • Compliance with relevant legal and regulatory requirements.

Product and Service Security

Delta IBT (Europe) products and services employ various security technologies and practices to safeguard our products, including:

  • Encryption: We use robust encryption standards to protect data in transit and at rest.
  • Authentication: Multi-factor authentication is available on the BMS system to ensure that only authorized users can access sensitive systems.
  • Access Control: Access control mechanisms are in place to restrict access to critical functions and data based on user roles.
  • Security Testing: Regular security testing and vulnerability assessments are conducted to identify and mitigate potential threats. Standard automatic security tests are conducted during testing and the release process.
  • Common Vulnerability Scoring System (CVSS v4.0): We use CVSS scores to categorize the severity of vulnerabilities identified during security assessments

CVSS Score

9.0 – 10.0

7.0 – 8.9

4.0 – 6.9

0.1 – 3.9

Category

Critical

High

Medium

Low

Detailed information about product security and secure device configuration can be found in the LOYTEC Security Hardening Guide.

 

Secure Software Lifecycle

Delta IBT (Europe) develops software in a secure environment based on cybersecurity standards. These include:

  • ISO 27001 (Information security, cybersecurity and privacy protection)
  • ISO 62443-3-3 (System security requirements and security levels)
  • ISO 62443-4-1 (Secure product development lifecycle requirements)
  • ISO 62443-4-2 (Technical security requirements for IACS components)
  • IEC 18031 (Common security requirements for radio equipment Internet connected radio equipment)

Delta IBT (Europe) is planning for external certifications on those standards in 2027.

Vulnerability Reporting

Delta IBT (Europe) offers the following responsible vulnerability reporting process. We encourage our users and third parties to report vulnerabilities found in our products and services. We accept findings following common responsible disclosure processes via This email address is being protected from spambots. You need JavaScript enabled to view it..

Please provide the following information to help us to reply quicky:

  • Software/Firmware title
  • Version
  • Hardware model and serial number (if applicable)
  • Any description, logs, backups, sample exploits, packet traces, that help us understand your report
  • Whether and how we can contact you for further information
  • Whether you want to be recognized in the final report (opt-in)

The better we understand the findings, the better and faster we can react.

Our approach to handling vulnerabilities is as follows:

  1. Receiving your report via This email address is being protected from spambots. You need JavaScript enabled to view it.: We will assign a member of the security team to handle the request. You will receive confirmation as soon as possible.
  2. Verification: We will verify the vulnerability based on the data you provided to us. You will be informed of the verification result.
  3. Identification and classification: We will evaluate the CVSS score to determine the severity and impact of vulnerability. The reporter will be identified on the result of the analysis. Based on the CVSS score, the following measures will be taken:
    1. Critical/High: A release resolving the vulnerability will be scheduled as quickly as possible. We aim for a resolution within 96 hours. In case that target cannot be met, the reporter will be notified on the schedule on a regular basis.
    2. Medium: A release resolving the vulnerability will be scheduled for 30 workdays in advance.
    3. Low: A fix will be contained in the next regular release.
  4. Publishing: When a security-related release is published, the vulnerability will be disclosed on this web page, including its description, the reporter (opt-in), and possible mitigations for those users who cannot update immediately.
  5. Notification: Subscribers to the Delta IBT (Europe) security mailing list will be informed.

Review and Updates

This policy is reviewed annually and updated as necessary to ensure its continued relevance and effectiveness in addressing new security challenges.

Contact Information

If you have any questions or concerns regarding this security policy, please contact our security team at:

  • Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Office Hours: Monday to Friday, 9 AM - 5 PM

For confidential transmissions please encrypt data using the following PGP public key

PGP Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF8O0q8BCACpzctQsvhpyg2yT/1OwbVmbGA/nsqKhtAWfa3va8z94axPwCpO
bgZ92mhbCcgAWH2Vr3omm17XR6ijvC5Kqabgogj9ixTlGHiX6NrBjARHbGIQwQxP
9yqKLAuvjjnDRwdje6iTwL2PLx4rBfIZnCLakhs7qjrokGr44+yRk+FjJmEjJUT3
nuRd3W96WKpGFiMjZ5uO5TAaiVWMeUWzndjoT4xzcedHlci+9yp3IInzlbq6n3Gn
/pACyHCphTQ7u1yeHqcSRVbXpcqOGyTGTfKLgiBZEbNyd6bqDPT2Ny7bB+2kp8Vc
jW5KnyfkYpluGJCxWZv+UcgxdtNi/S8He5ypABEBAAG0JlN0ZWZhbiBTb3VjZWst
Tm9lIDxzc291Y2VrQGxveXRlYy5jb20+iQFUBBMBCgA+AhsDBQsJCAcCBhUKCQgL
AgQWAgMBAh4BAheAFiEE5VUQ7m9H9SZmMGua9vn0N+TBnwAFAmikTS4FCQ1X4X8A
CgkQ9vn0N+TBnwBPugf/Qgdjwo6rCb+Y0eCFBXlSt99rmryFOIF2kx7rg/NL1Od4
UW5TjN7ZkID/8SqMclezGj7ceXnzMSoWtpp9mjB2iihr8+vQE5WB0YJVYYZsplJ9
i3u2O/7slxE02DdAaPZPSesgTzYeouHrgvoI/Koxc8KswUBzTfsZIWQvEEMRr//6
jTuebml9Jymqg7f8vo8HZAZKiZVzi9zrz/5A69/m3PEN4qxLO0Px45ftiz/MUAwY
08f3tPGyaQHaYHtQc8oSoivHpOT0nW0QzvCBzr0sNZ/3lHODK8AqHGjulV7dFEvA
6MB064EjRCJpYuDIvPfT/IkpBOBOkjMf0DFZ03R5YrkBDQRfDtKvAQgAuVNGbmTN
CyaEMAeB6hy1OwBxbLvnFGOre+Z51bVG3Wf/+ztWnsdT4/FQIfQjY5cRaC+j4ssg
6/e/rXTArGBkRDB4T+KAc6skx9mO61pQZxR6ouF78MxRrIxt0b8vY3wTgD01iP6L
dvUS55Y6yxIjHkFUr6esgQreHh39GoJ/1zkDxHZS2ExWjqS9LuJoVHQHawk8IBtn
SdgSHkLSsXnKWQ/QKUv2AuhKRBTBuKdPlcdfGvigu2PS4BDhtxRh9LTM5cRK8A+O
OVkonCjjBAdAm0+sRupvqE147Y3IFSOEOCouPle3/g9MeC9KBX8gDewbiVMfSoWZ
DEdC7B6fKvuyjwARAQABiQE8BBgBCgAmAhsMFiEE5VUQ7m9H9SZmMGua9vn0N+TB
nwAFAmikTugFCQ1X4zkACgkQ9vn0N+TBnwDPkAf/Wxj1NvGWpTYXWKh30fbGUUVg
C9JW3zKb10iAvUjBw7YCtjiJstCFprnb0AX1Iloxh73mwdLVfADezMLqkQK8QoOX
c4+zfSc0n+pBcbkYYOvpBDYQpciCeg6AU5bA3Yu6aBqJDplAP9n5rOkJ0DEqkEJr
/YkfH2Cn8viVTOOiCXrZOW7UyIB39dcM8mp4Jb1xrEpmU4lpnS6iW9mXg3WWEBBU
6XuDwOOw/+Xtp3JVNz/v/o2I5644KSLziuNjqotVO21xzEkkdVx1xgbQReH4iU04
jgqVHU1/8YYr/DjQnCCguV75XxrIi5p/Poe9fJPQVIajjIr829qhYe/B+g983w==
=s47V
-----END PGP PUBLIC KEY BLOCK-----

Document Information

 Doc.-Nr.  71051701
 Version  1.0
 Date  2026-06-18