DNFP 2019

2019 DECLARATION OF NON-FINANCIAL PERFORMANCE OF THE DESCOURS & CABAUD GROUP 23 Information compromise Information is the foundation and the structure of a company. This informational asset is both its strength and its existence: files, databases, work methods and employee records are key assets for its operation. DESCOURS & CABAUD's business in a highly competitive market, is conducted in both a traditional manner and through e-commerce. Moreover, the development of services requires centralised commercial data repositories, the integration of new technologies into the commercial offering and the introduction of Artificial Intelligence all blended together to maximise our customer service offering. All this relies on a body of information, the company's strategic data, commercial data (the products and prices data repository, the suppliers and customers data repositories, negotiated agreements, etc.), financial data, personal data, technical information on our systems, sensors, etc. RISK FACTORS AND THEIR CONSEQUENCES: The information security challenge is to ensure the accessibility and availability of information, guarantee its integrity (accuracy and completeness of the data), ensure the confidentiality of data access; and have traceability , visibility on actions that may affect the quality of the information. Any loss or compromise of information could deal a fatal blow to the company: the sensitivity of data that could potentially be exposed to malicious third parties and be used for illicit or fraudulent purposes. The company must therefore make every attempt to protect its information against external or internal threats. > The means of control: The Executive Board of the DESCOURS & CABAUD Group has reasserted its commitment to a veritable information security strategy. For its French subsidiaries , this has led to the introduction of information security governance in the company, based on an Information Security Policy (ISP), and has given rise to a long-term information security strategy based on risk assessment. Budgets have been allocated to implement this strategy, with actions focusing on: • raising employee awareness through charters, guides and e-learning modules • an information classification approach • central management of our corporatedata repositories in order to manage and control information access • the technical infrastructure of our systems ensuring the development, robustness and availability of our information system • the security of technical infrastructures and applications • the security, partitioning of our IT network and flow filtering • the protection of our e-commerce applications