Security incident
Security of data and users, an essentiel prerequisite of Legrand's IoT strategy
The security and confidentiality of user data is vital for Legrand. The Group makes every effort to ensure an optimal level of security and to minimise the fraudulent use of its solutions.
Security Incident Reporting Policy
The Legrand security incident reporting policy addresses security incidents, including security vulnerabilities, that affect connected products and services (Eliot) in order to support the security and safety of our customers.
Reporting
To report a security incident, please send all the required information below within an encrypted email at security-incident-on-iot@legrand.com :
- Reporting language: English
- Contact: name, organization, country
- Incident / vulnerability details, such as:
- product name, model and firmware version,
- any special configuration required to reproduce the issue,
- step-by-step instructions to reproduce the issue,
- proof-of-concept or exploit code,
- impact of the issue, including how an attacker could exploit the issue.
The GPG key needed to encrypt the email can be downloaded on the Legrand Group website. We will acknowledge receiving your message within 3 days.
Download the GPG key
Validation
Legrand will analyze the reported information and will potentially come back to you for further information. The validation of the incident should take a maximum of 10 days and you will receive our conclusion by return email.
Mitigation
If the incident is acknowledged, Legrand will proceed to the root cause analysis and determine the best solution to fix it sustainably. You may be involved during the testing phase to ensure the incident is properly fixed.
Disclosure
Once the mitigation is released, Legrand will prepare and release a security notification. Please respect a period of 90 days since your initial reporting before revealing the incident publicly, in order to provide our customers the time they need to protect their connected products.
discover
Our solutions
The ELIOT program
World presence
CSR