Cyber security

We conduct thorough cyber risk assessments before and during each third-party relationship. The level of scrutiny is based on the type of data you access and the services you provide.

This includes:

• Completing cybersecurity assessments
• Addressing any identified risks or control gaps
• Maintaining written agreements that reflect your responsibilities

Our proactive approach helps us identify and address any issues promptly, maintaining the highest standards of security.

In today's interconnected business landscape, collaboration is key. Our partnerships with suppliers, contractors, and service providers are vital, and so is the security of the data they access.

We require suppliers to follow GSK’s cyber security schedule requirements.

These cover:

• Data protection
• Access control
• Incident readiness
• Secure development practices

By aligning with these controls, we strengthen the resilience of our shared supply chain, ensuring that we are accountable for our impact and doing the right thing.

Timely reporting of security incidents is crucial. If there is a suspected or confirmed data breach involving GSK information, you must:

• Report it promptly to cstd@gsk.com
• Support GSK’s investigation and response
• Share details of affected systems and individuals (if applicable)
• Take corrective action to prevent recurrence

Please follow your incident response plan and any legal requirements. GSK may ask you to assist in regulatory notifications if needed. Your prompt action helps us protect our data and maintain trust.

By working together, we can protect sensitive data, reduce cyber risks, and uphold the trust that underpins our global partnerships and ensure the safe and reliable delivery of treatments to our patients.

This collaborative effort ensures that we remain ambitious for patients, accountable for impact, and committed to doing the right thing.