DNFP 2020

2020 DECLARATION OF NON-FINANCIAL PERFORMANCE OF THE DESCOURS & CABAUD GROUP 24 COMMITMENT TO INFORMATION Information is the foundation and the structure of a company. This information is an asset that constitutes both its strength and its everyday existence: files, databases, working methods and employee records are key assets for its operation. DESCOURS & CABAUD's business, operating in a context of consistent growth but in a market that is nonetheless highly competitive, is conducted not only through traditional channels (via sales through its branches and outlets) but also via e-commerce. All this operates through a body of information: the company's strategic data, its commercial data (its product and price databases, supplier and customer databases, negotiated agreements, etc.), financial data, personal data, technical information on our systems, sensors, etc. The risk factors and their consequences: The purpose of security of information is to guarantee the accessibility and the availability of the information, to guarantee its integrity (i.e., the accuracy and completeness of the data handled), to guarantee the confidentiality of access to the data; and to ensure the traceability and visibility of all actions that may affect the quality of the information concerned. Any loss or compromising of the information concerned may have fatal consequences for the company, given the sensitivity of data that could potentially be placed at the mercy of malicious third parties and be used for illegal or fraudulent purposes. The company must therefore do everything possible to protect its information against external or internal threats. The means of control: In its present context of external growth, the DESCOURS & CABAUD Group aims to harmonise its security of information practices for its French and international subsidiaries, while respecting their principles of autonomy and their respective constraints. In 2020, the emphasis placed on the sharing of our policies, of conformity assessments, the progressive integration of our subsidiaries into our security solutions and common services all contribute to this aim. Key performance indicators: The Group’s greater degree of maturity with regard to previous years now allows us to present global indicators in relation to an international perimeter. Regrouping themajor security concerns, these indicators provide visibility in the following respects: • systems of governance for security of information (in terms of organisations, policies, the raising of awareness), • steering through the risk areas in our security strategies, • the technical aspects of the securing of information systems. Our intention is to attain within a minimum of 2 years indicators giving over 75% of coverage in relation to the benchmark references generally accepted in this domain, and to maintain this level thereafter.