Fortrum Conclusion is part of the Conclusion ecosysteem

Fortrum Fortrum
  • Services
    1. 37
      Consultancy

      Unlike large consultancy firms that offer broad, generic solutions, Fortrum delivers specialised, hands-on expertise tailored to the mortgage and lending industry.

    2. 20
      Due Diligence

      We conduct in-depth due diligence to assess the quality, integrity, and compliance of financial institutions and their portfolios.

    3. 33
      Academy & Research

      We practice what we preach: we know what we are really good at and we are really good at what we know. You can take training, tailored to your needs, at Fortrum or on-site at your own office.

    4. 32
      Portfolio Management

      In today’s highly regulated mortgage market, Lenders and Servicers must navigate increasing scrutiny, evolving regulations, and growing demands for transparency.

  • About us
    1. 50
      Our story

      We are at the heart of a dynamic and evolving lending market. We support both domestic and international clients from a foundation of deep, local expertise driven by true understanding of their needs and goals.

    2. 6
      Vacancies

      Looking for your next challenge? Here you’ll find all our current job openings. Explore the opportunities and become part of our team!

  • News
Contact us
Contact us

Fortrum Conclusion

Responsible Disclosure

At Fortrum Conclusion, the privacy and security of our clients are of the utmost importance. We ensure that all personal data processed through our systems is in safe hands. To this end, we conduct regular tests and actively scan our applications and infrastructure for potential vulnerabilities.

However, it is possible that a weakness may still be found in one of our systems. If you have discovered one, we kindly ask you to share it with us so we can take the appropriate actions as quickly as possible.

How to report vulnerabilities

You can report vulnerabilities by sending an email to cvd@yellowtail.nl.

We kindly ask you to observe the following:

  • Describe the vulnerability, how to reproduce it, the URL/IP address, and the potential impact as clearly as possible. Providing a suggested solution is encouraged.
  • Do not exploit the vulnerability, for example by retrieving more data than necessary to demonstrate the issue.
  • Do not share the vulnerability with others until the issue has been resolved.
  • Once you have been informed that the issue has been resolved, please delete any data obtained during your investigation from any systems where it may be stored.
  • Do not make any changes to systems (e.g. installing backdoors).
  • Vulnerabilities resulting from social engineering, physical attacks, DDoS, brute forcing, spam, malware, or third-party applications are considered out of scope of this policy.
  • You may choose to report the issue anonymously or under a pseudonym if you wish.

What happens after you report a vulnerability?

We will assess the report to determine the severity and scope of the issue. Based on this assessment, our Security Officer, Service Manager, and the relevant development and operations teams will define and implement mitigating measures appropriate to the risk.

What we promise in return

  • Your report will be reviewed within 5 working days.
  • We guarantee that we will not take legal action against you as a result of your report, provided you have complied with the conditions described under “How to report vulnerabilities.”
  • Your report will be treated confidentially. We will not share your personal data with third parties unless required by authorized authorities.
  • You will be kept informed of the progress in resolving the reported issue.
  • If you wish, we can publicly acknowledge you as the discoverer of the vulnerability, should we publish anything about it.
  • If your report leads to a successful fix of a system vulnerability, we are happy to reward you with a €50 gift voucher.
Voorgesteld Zoekresultaten
Waar kunnen we je mee helpen
Need help?
Fortrum