Exclusive Networks // Sustainability Report 2022

Ethics, fair practices, compliance and security Cybersecurity governance and organisation

consulting firm. They conduct tests and interviews to identify risky practices or any deviations and the corrective actions to be taken.

Management of the compliance programme Regular audits are conducted jointly by the Group’s Internal Audit department and an independent

Action

2022 results

Control, monitor and evaluate the implementation of the Group’s compliance programme [GRI 205-3]/SDG 16.5

14 audits carried out covering anti-corruption No proven cases of corruption identified No employees dismissed or sanctioned for corruption No conviction for corruption against the Exclusive Networks Group, one of its subsidiaries or one of its employees

The Exclusive Networks Group has set itself the objective that all countries will be audited at least every five years covering anti-corruption, and that the audit plan will cover 30% of the revenue.

6.3

Cybersecurity governance and organisation

The Group’s security strategy is proposed by the CISO and approved by the Cyber Defence Council, which reports to the Group Chief Information Officer (CIO), himself a member of the Group Executive Committee. To ensure effective deployment of the policy and related security measures, there is a functional link between the CISO and each of the local IT managers.

IT systems security organisation inside the Group Within the Exclusive Networks Group, the IT systems security department is under the authority of the Chief Information Security Officer (CISO). The CISO has full authority over the entire security infrastructure of the Group, both at the central level and in the countries where the Group operates.

Security organisation

Chief Technical Officer

Technical support

Group Executive Committee

Chief Information Officer

Chief Information Security Officer

Global Security Operations Center

Local technical teams

Cyber Defence Council

In parallel, the Global Security Operations Center (GSOC) department is in charge of managing security incidents in the entire Exclusive Networks Group, including local infrastructures and offices. To do so, the GSOC department performs the following three duties:  monitoring, incident response and reporting on the entire security infrastructure of the Group worldwide;

 deploying, configuring and managing all security infrastructure and devices to ensure a centralised, harmonised and automated global security standard;  supporting the user helpdesk, infrastructure team and employees. The GSOC department is further supported by an external Managed Endpoint Detection & Response service, which monitors and deals with security incidents

63

Exclusive Networks

Sustainability Report 2022

Made with FlippingBook. PDF to flipbook with ease