PSA - 2019 Universal Registration Document

First page Table of contents Previous page 36 Next page Last page

GROUPE PSA Risk factors DPEF.B

INFORMATION SYSTEMRISKS AVERAGERISK 1.5.2.10.

Riskfactors

Riskmanagement andcontrolprocesses

Risks related to Groupe PSA’s Information Systems, including those embeddedin vehicles,stem from targetedattacks or malicious activities,anomaliesin the behaviourof participants,failures or disasters. Their consequences would be economic, legal or damagingto the Group’s image. Thereare alsorisksassociatedwithour information systemswhich are increasingly hosted externally. (SAAS andCloud)

A GroupInformationSystemsSecurityPolicyis in force,covering the Automotive and Finance Company divisions. It is deployedin the operationaldivisionsthroughgovernance implementedby the GroupProtectionDepartment in connection withtheIT Department. In orderto managetheserisks,the Groupimplementsa rangeof measuresthatconcernboththedesignfeaturesof its Information Systems and their use and maintenance: These measures are focusedon the following areas: strengtheningcontrolover accessto informationand sensitive > applications by reviewing the rights granted to Group employees and third parties; implementingtools that employeescan use to indicate the > confidentiality level or their e-mails, which triggers the appropriate protection; continuousawareness trainingof employeeson thedangersand > best practices in controlling informationby the continuous deploymentof an InformationControl ManagementSystem ( Système de managementde la maîtrise de l’information – SMMI); intensifyingresearch on security vulnerabilitiesin computer > applications and implementing corrective actions; deploymentof DisasterRecoveryPlansthat guaranteethat the > Groupwould be able to continueits essentialoperationsif a malfunction or major incident occurred at oneof its IT centres; compliancewithregulatoryand legaldevelopments, specifically > related to personal data; introductionof safetymeasuresfor peopleand propertyin the > embedded systems of networked vehicles similar to those already used in stand-alone systems; institutinga cross-functionalstructurewhen it comes to the > implementation of cybersecurity of connected vehicles; implementation of the security operation center (SOC): > a controltowerimprovingourvisionanddetectionof anomalies and attacks, and considerablyleveragingour ability to take action.

36

GROUPE PSA - 2019 UNIVERSAL REGISTRATION DOCUMENT

Made with FlippingBook - professional solution for displaying marketing and sales documents online