diff --git a/README.md b/README.md index a46ae92..114197c 100644 --- a/README.md +++ b/README.md @@ -1 +1,3 @@ -# .github \ No newline at end of file +# .github + +StackHPC Github org-wide defaults and files. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b1d0b77 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,27 @@ +# Security Policy + +## Reporting a Vulnerability + +Thank you for taking the time to improve StackHPC open source projects. + +We take security issues seriously and appreciate your time and efforts in making +our code safer through coordinated vulnerability disclosure. + +If you believe you have found a security vulnerability in any StackHPC repository, +please use email secalert@stackhpc.com to notify us privately. + +### What to Include in Your Report +To help us address the issue effectively, please include: +- A clear and detailed description of the vulnerability. +- Steps to reproduce the issue. +- Any potential impact of the vulnerability. +- Suggestions for mitigation, if possible. + +### Response Time +We are committed to investigating and responding to reported vulnerabilities promptly. +You can expect: +- An acknowledgment of your report within 48 hours. +- Updates as we progress on resolving the issue. +- Notification when the issue is resolved. + +Thank you for helping us keep open source as secure as possible.
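Review bot: In the README.md hunk, the added description line spells the product name as "Github"; the correct capitalisation is "GitHub". Since this repository now carries the org-wide SECURITY.md, the description could also point readers to that file so the reporting address is discoverable from the README.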
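Review bot: The "Reporting a Vulnerability" section of SECURITY.md offers only a plain email address (secalert@stackhpc.com) and does not say how a reporter can send sensitive details confidentially or what disclosure timeline to expect, even though the text refers to coordinated vulnerability disclosure. Consider adding an encrypted option (a published PGP key, or GitHub private vulnerability reporting) and a sentence on the expected embargo period before public disclosure. Under "Response Time", "within 48 hours" should state whether weekends and holidays count. Minor: "please use email ... to notify us privately" reads better as "please email ...", and the "### What to Include in Your Report" and "### Response Time" headings are the only ones not followed by a blank line.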