diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a01cafd
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+# Security Policy
+
+Please **do not** report security vulnerabilities through public GitHub issues or pull requests.
+
+Report them privately to **security@bahmni.org**.
+
+The full reporting, discussion, and disclosure process is documented here:
+https://bahmni.atlassian.net/wiki/spaces/BAH/pages/884277257/Security+-+Reporting+and+Discussion