diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 903a60cb..c46abd60 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -15,6 +15,7 @@ v0.17.0 (unreleased) * Updated the Python, Anaconda, and Ubuntu versions used to generate the documentation. * Small import fixes and minor code cleanup (`ravenpy.extractors`). (PR #436) * Adjusted pins for `intake`, `intake-esm` and `zarr` to ensure notebooks run correctly. (PR #440) +* Added a Security Policy (`SECURITY.md`) to the repository. (PR #441) v0.16.1 (2024-12-05) -------------------- diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..eef3051f --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,38 @@ +# Security Policy + +## Supported Versions + +`RavenPy` receives regular updates every three to six (3-6) months. In the event of a security-related bug discovery soon after the release of a `RavenPy` version, the last supported version will receive a patch release. + +## Reporting a Vulnerability + +If you believe you have found a security vulnerability in `RavenPy`, we encourage you to let us know right away. We take all security vulnerabilities seriously and appreciate your efforts to responsibly disclose them. + +Please follow these steps to report a security vulnerability: + +1. **Email**: Email [github-support@ouranos.ca](mailto:github-support@ouranos.ca) with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue. + +2. **Encryption (Optional)**: If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication. + +3. **Response**: We will acknowledge your email within 48 hours and work with you to understand and confirm the vulnerability. + +4. **Fix and Disclosure**: Once the vulnerability is confirmed, we will work to address it promptly. We appreciate your patience as we investigate and implement a fix. Once resolved, we will coordinate the disclosure and provide credit to the reporter unless they prefer to remain anonymous. 
+ +## PGP Encryption Key + +You can use the following PGP key to encrypt your communications with us: + + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mDMEZamQrhYJKwYBBAHaRw8BAQdA+saPvmvr1MYe1nQy3n3QDcRE9T7UzTJ1XH31 + EI4Zb6u0Mk91cmFub3MgR2l0SHViIFN1cHBvcnQgPGdpdGh1Yi1zdXBwb3J0QG91 + cmFub3MuY2E+iJkEExYKAEEWIQSeAu+Cbjupx79jy9VeVFD6o5TVcwUCZamQrgIb + AwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBeVFD6o5TVc4ho + AQDXjDkx0b3A7yl6PQ4hBJ2uYzw0UWbml7mUwVdhMmdZkQD/VJZQNWrCQeOtYEM8 + icZJYwR/OsKFOWqlDytusGGtjwa4OARlqZCuEgorBgEEAZdVAQUBAQdAa41Zabjz + P9O+p6tI69Cnft6U5om3+qCcMo8amTqauH0DAQgHiH4EGBYKACYWIQSeAu+Cbjup + x79jy9VeVFD6o5TVcwUCZamQrgIbDAUJCWYBgAAKCRBeVFD6o5TVcwmaAQClDxW6 + 2gir7lhRXAcO+vmRImpGd29TrkcQVh+ak7VlwQEA706d7Kusiorlf/h8pLSoNMmS + kuLGmHpUJ8NVGppU+wo= + =wuxr + -----END PGP PUBLIC KEY BLOCK-----
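Review bot: In the `## PGP Encryption Key` section of `SECURITY.md`, the armored key block is the only form in which the key is published and no plaintext fingerprint is given beside it, so a reporter who pastes the block has nothing to check it against (a key substituted in a compromised repository would look identical); consider adding a `Fingerprint:` line above the block and stating where else Ouranos publishes the key so it can be verified out of band. Two smaller points in the same file: under `## Supported Versions`, "In the event of a security-related bug discovery soon after the release of a `RavenPy` version, the last supported version will receive a patch release" does not say which versions are supported or what happens to a report that arrives late in a 3-6 month cycle; a single explicit statement (for example, that only the latest release receives security fixes) or a version table would remove the ambiguity. And step 2 marks encryption as optional while step 1 asks for reproduction steps or a proof-of-concept; a working PoC is exactly the material that should not travel in plaintext e-mail, so consider recommending encryption whenever a PoC is attached rather than leaving it to the reporter's judgement.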