The vigilance plan consists of four components, to reflect the measures required by the French duty of vigilance law: A mapping of risks to identify, analyse and prioritise the risks p relating to the duty of vigilance; Risk mitigation and prevention plans; p A whistleblowing system for the receipt of reports relating to the p existence of risks or the occurrence of risk events; A system to monitor the measures implemented and assess their p effectiveness. The vigilance plan is reviewed each year, in light of possible developments in risks, the effectiveness of mitigation measures put in place, and developments in the Group’s business and operations. Furthermore, reasonable vigilance measures are implemented gradually for newly acquired companies as part of the integration of these companies within the Group and with respect to its procedures and systems. The mapping of risks relating to the duty of vigilance draws on the Group’s overall risk mapping exercise as well as the main challenges identified during the preparation of the Group’s statement of non-financial performance. The methodology used for the mapping of risks relating to the duty of vigilance is the same as that used for the Group’s overall risk mapping exercise and thus involves consultations with the various departments concerned, with ' ( " %% # - ' (
responsibility for the entire scope of the Group’s operations, namely the Human Resources Department, the Corporate Responsibility and Sustainable Development Department, the Purchasing Department, the Industrial Department, the Information Systems Department, the Legal Department and the Internal Control Department. Given its business activities, Sopra Steria has relatively limited exposure to risks relating to the duty of vigilance. Nevertheless, some of the risks identified were considered as having an impact, although without being regarded as major risks falling within the scope of the duty of vigilance. The risk areas listed below relating to the duty of vigilance were analysed and prioritised in line with their severity and likelihood of occurrence in the context of the Group’s business activities and those of its main suppliers: Human rights and fundamental freedoms: diversity and equal p opportunities, freedom of association and the right to collective bargaining, protection of personal data, respect for the rights of local communities, preventing child labour and forced labour within the supply chain; Health and safety: right to health, right to safe and healthy p working conditions ( e.g. access to buildings, sanitation, safety and security of business travel), prevention of occupational illnesses, healthcare benefits and workplace prevention measures; Environment: air and soil pollution, depletion of raw materials, p soil erosion and degradation, treatment of polluting waste, GHG emissions, degradation of ecosystems and biodiversity.