Sopra Steria - 2018 Registration document

DETAILED PRESENTATION OF SOPRA STERIA Risk factors and internal control

❙ RISK RELATED TO CONTINUITY OF SERVICE AND INFORMATION SYSTEM SECURITY

Risk description

The reliability of IT and communications infrastructures is an issue of growing importance to production. In view of its business model integrating service centres as well as national and worldwide shared data centres in nearshore and offshore countries, the Group is dependent on its remote production centres and telecommunications networks functioning correctly. Any claims, failures or shutdowns at the level of these centres could have an impact on both internal systems and client systems, resulting in a potential risk of non-compliance in the execution of contractual services, and consequently potential demands for damages and interest and/or loss of income. It should be noted that a proportion of the Group’s production activities are located in India. India still shows various characteristics that may constitute risk factors (including political, economic and social unrest, wage inflation, natural disasters and pandemics). The Group has service centres in Spain, Tunisia, Poland and India.

Risk management

The continuity and security of our clients’ services is one of the key criteria in the definition of the policy for the Group’s production sites and the implementation decisions. The policy concerning site locations and all decisions taken in this regard follow the guidance provided by the Group based on various criteria, including client requirements and risk management (natural or geopolitical risks). The decision to expand into new geographies, countries and regions is an integral part of this policy to maintain security and reduce risk exposure, allowing for the management of backup plans, in particular by setting up redundancies and duplication between sites. Once the decision has been made, strict prevention and security procedures covering physical security, information systems security, power cuts, regulation of temperature changes, data storage and backups apply to the Group’s production sites, service centres and data centres. The Group has a business continuity strategy that defines a nominal level of service and a principle of redundancy for all critical system components, relying in particular on multi-site replications. Remote redundancy is implemented for all critical system components. Business continuity and disaster recovery plans are put in place and reviewed on a regular basis. Contracts with our suppliers are reviewed according to their nature by the Information Systems Department or the General Resources Department, taking account of the same security and service level requirements. In the case of outsourcing or subcontracting, the same level of service is demanded of our suppliers. The Group has four production facilities in India. These sites are distant from each other and located in three different regions, thus limiting the consequences of incidents or risks that might arise in a specific region. In addition, the fact that a large number of production facilities are used across the Group, with a range of onshore, nearshore and offshore services, makes it possible to have backup solutions.
