Security of data and users, an essentiel prerequisite of Legrand's IoT strategy
The security and confidentiality of user data is vital for Legrand. The Group makes every effort to ensure an optimal level of security and to minimise the fraudulent use of its solutions.
Security Incident Reporting Policy
The Legrand security incident reporting policy addresses security incidents, including security vulnerabilities, that affect connected products and services (Eliot) in order to support the security and safety of our customers.
To report a security incident, please send all the required information below within an encrypted email at firstname.lastname@example.org :
- Reporting language: English
- Contact: name, organization, country
- Incident / vulnerability details, such as:
- product name, model and firmware version,
- any special configuration required to reproduce the issue,
- step-by-step instructions to reproduce the issue,
- proof-of-concept or exploit code,
- impact of the issue, including how an attacker could exploit the issue.
Legrand will analyze the reported information and will potentially come back to you for further information. The validation of the incident should take a maximum of 10 days and you will receive our conclusion by return email.
If the incident is acknowledged, Legrand will proceed to the root cause analysis and determine the best solution to fix it sustainably. You may be involved during the testing phase to ensure the incident is properly fixed.
Once the mitigation is released, Legrand will prepare and release a security notification. Please respect a period of 90 days since your initial reporting before revealing the incident publicly, in order to provide our customers the time they need to protect their connected products.