Saint-Gobain // Universal Registration Document 2021

Risks and control Internal control

Corporate departments

Reference standards and/or measures EHS reference framework and ■ standards ISO 45001, ISO 14001 and ■ ISO 50001 standards Minimum security rules ■ Technical standards ■ Development standard for ■ secure web applications Note on the Cloud ■ Datacenter security rules and ■ public Cloud security rules ITAC reference bases ■ SAP users control tool ■ SAP systems security ■ monitoring and checking tool (SAP4SG) Industrial Systems Security ■ Framework ISO 9001 standard with ■ certification in Raw Materials, Precious Metals and Energy for Saint-Gobain Purchasing Purchasing Process within the ■ Internal Control Reference Framework EHS Saint-Gobain audits ■ ISO certification audits ■

Main responsibilities

2021 key figures

Environment, Health and Safety (EHS) Department

Promote and coordinate Group EHS policy ■ Monitor the application of EHS reference ■ framework principles

Industry audits: ■

14 “ISA” audits (1) ■ 9 “ISA-MINI” audits ■ Distribution audits: ■ 206 “ESPR” audits (2) ■

and Medical Department

Information Systems Department

Define Group policy for information ■ systems and computer network security Promote and coordinate an annual ■ self-assessment plan Control the implementation of rules and ■ best practices

See Chapter 6, Section 2.5.4 – ■ General doctrine on information systems security

Purchasing Department

Completion of nearly 11,300 ■ individual actions by buyers in 2021 Two specific local purchasing ■ internal audits Six buy-techs (3) were carried ■ out in two countries. As travel is prohibited or limited, four of the buy-techs were carried out in a digital format

Manage the World Class Purchasing ■ program, an approach focused on purchasing performance, department professionalization, the internal customers department, and supplier innovation with a view to creating a competitive advantage for Saint-Gobain Exploit all centralized multi-business and ■ multi-country purchasing synergies Coordinate the purchasing function ■ Develop the culture of Responsible ■ purchasing, in line with the Group’s commitments Execute the Digital transformation of the ■ Purchasing function, in collaboration with the countries and businesses Define Group policy for property damage ■ at industrial or distribution sites Define Group policy for insurance and ■ monitoring its implementation Steering centralized insurance programs ■

6

Risk and Insurance Department

Prevention/protection ■ reference base “Risks Grading” ■ self-assessment tool Doctrine memos ■ Risks and Insurance Intranet ■

270 site visits by prevention ■ engineers and 6 specific flood risks visits 44 remote follow-up meetings ■ 1,268 sites that have performed ■ their Risk Grading self-assessment 757 point-of-sale assessments ■ (including 114 as catch-up to the 2020 program due to Covid-19 and 64 self-assessments) 13 prevention/PCA training ■ sessions Regular plants inspections ■ 159,534 internal/external ■ foreign exchange transactions in 2021 More than 150 meetings per ■ year with the Regions/HPS 9 training modules (7 in-person ■ modules + 2 remote modules) 175 DAC (Credit Authorization ■ Requests) 56 acquisition projects, of which ■ 43 were finalized (35 closed + 8 signed) 24 divestments and mergers ■ completed 35,661 internal/external ■ transfers issued in 2021

Treasury and Financing Department

Define policy for financing, market risk ■ control and banking relationships for the entire Group

Procedural reference base ■ for DTF activities ■ for subsidiary activities ■ Daily reports (DTF) and ■ monthly reports (subsidiaries and DTF) Dashboards ■ Permanent relationship with ■ the Regions/HPS Oversight of the network of ■ Group controllers Implementation of common ■ analysis tools Group reference base and ■ opinion of the corporate departments

Financial Control Department

Implement continuous control of the ■ Group’s results and operating performance Participate in drawing up the budget and ■ periodic budget reviews Oversee monthly results figures at all ■ levels of the organization Closely analyze and validate the financial ■ consequences of investment, acquisition, divestment, merger and capital expenditure plans and restructurings

SAINT-GOBAIN UNIVERSAL REGISTRATION DOCUMENT 2021 243