DNFP_2018_English

2018 DECLARATION OF NON-FINANCIAL PERFORMANCE OF THE DESCOURS & CABAUD GROUP

> The means of control:
Information security consists of putting in place governance and processes designed to safeguard and protect the data when it is viewed, processed, stored and transmitted. This chapter presents the measures taken by the company to reduce these risks.

> A CORPORATE APPROACH
The Executive Board of the DESCOURS & CABAUD Group has reasserted its commitment to a genuine information security strategy. This has led to the introduction of information security governance in the company. This governance is headed by a Chief IT Security Officer, who reports to the Executive Board and internal committees. It is based on an Information Security Policy (ISP), which is circulated to all operations staff (headquarters and network: subsidiaries, branches), and has given rise to a long-term information security strategy based on risk assessment. Budgets have been allocated to implement this strategy.

> AN AWARENESS-RAISING APPROACH
In addition to the ISP, an IT charter and a good-practice handbook are circulated to all staff. Furthermore, awareness-raising modules are available on our e-learning platform.

> MULTI-DOMAIN INFORMATION PROTECTION ACTIONS
• The information has been classified to identify and prioritise sensitive information.
• Solutions are in place to ensure data confidentiality through encryption of laptops and certain sensitive directories.
• Central management of our corporate data repositories (technical and business) for more effective data access control (identity management, security clearance management, review of user rights and permissions).
• Group-wide user support to harmonise processes, including the access control process.
• Involvement of the Chief IT Security Officer and the Data Protection Officer (DPO) in the IT solutions decision-making process, in conjunction with the IT Division, head office and the legal division (non-disclosure requirements included in our contracts, commitments to protect our data and security requirements).

> ACTIONS REINFORCING THE SECURITY OF DATA STORAGE SYSTEMS
Technical security measures are taken concerning data hosting (the data centre) and the operation of our IT infrastructure. We regularly test our business recovery capability based on formally defined procedures and a computer backup strategy. Other security measures include searches for technical vulnerabilities and the management of security patches and anti-virus protection.
