Sopra Steria - 2020 Universal registration document

4 CORPORATE RESPONSIBILITY Ethics and compliance

' ( " ) ) $# # %' + #) $# %! #( The continuous improvement approach adopted in line with the Group’s corporate responsibility policy put in place several years ago focuses on the various issues targeted by the French duty of vigilance law. The cross-reference table below indicates the sections within the statement of non-financial performance included in this document that describe the risk mitigation and prevention plans identified in the mapping of risks relating to the duty of vigilance.

Area

Category

Mitigation plans and preventive measures

Risks relating to the Group’s business activities

Human rights and fundamental freedoms

The relevant information is set out in Sections 2, 3 and 5 of this chapter, (pages 106, 115 and 132). The relevant information is set out in Section 2.2.5, “Health and safety”, of this chapter (pages 112 to 113). The relevant information is set out in Section 4, "Environmental responsibility: innovating all along our value chain", of this chapter (pages 122 to 131). The relevant information is set out in Section 3.4, “Responsible purchasing” of this chapter (pages 119 to 120).

Health and safety

Environment

Risks relating to the business activities of the Group’s suppliers

Responsible purchasing

, ()! !$, # (.() " The whistleblowing system put in place under the Sapin II Law on transparency, anti-corruption and the modernisation of economic life also covers the duty of vigilance. This system is accessible to employees of all Group entities. A description of the whistleblowing system and its procedure is provided on the Group’s intranet as well as those of all its subsidiaries. Reports are to be submitted from a specific email address for each entity or at Group level. This is open to external stakeholders, including in particular the Group’s clients, suppliers and other business partners. It can be accessed from the Ethics and Compliance page of the Group’s website at www.soprasteria.com. No alerts were raised in the course of the year in areas covered by the duty of vigilance legislation.

(.() " )$ "$# )$' ) " (*' (

"%! " #) # (( (( ) ' ) + # ((

For risks relating to the duty of vigilance, the procedures for the regular assessment of the Group’s business activities and those of its subsidiaries, along with those of its main suppliers, are carried out at the level of the departments concerned. Each department with oversight for issues involving the duty of vigilance is responsible for monitoring the risks identified in the mapping of risks relating to the duty of vigilance. All of these departments are involved in the identification and implementation of reasonable and appropriate vigilance measures for their respective areas of responsibility. They report on their monitoring activities at the Group’s steering committee meetings and twice a year to the Corporate Responsibility and Sustainable Development Committee. The risk mitigation and prevention measures put in place with regard to the duty of vigilance are reviewed as part of the Group’s internal control procedures and are the focus of a consolidated report drawn up each year by the Internal Control Department and presented to Executive Management.

136

SOPRA STERIA UNIVERSAL REGISTRATION DOCUMENT 2020