Universal Registration Document 2021

RISKS, LITIGATION, AND CONTROLS
INTERNAL CONTROL

These individuals are experienced IT professionals with a broad background and are well versed in the businesses and technologies they support. They ensure that the IT tools, services, and applications used by all Technicolor sites and businesses (e.g., e-mail, networks, phone systems, cloud platform evolution and operation, collaboration tools, video conferencing, web technologies, business intelligence tools, business and risk management tools and processes, the Technicolor Production Network) are operated and managed in an efficient, cost-effective, safe and secure manner. In addition, the IT organization provides Enterprise Architecture for new technologies, IT Vendor Management and Enterprise Project & Portfolio Management used to govern, regulate, and manage the IT organization (regulatory compliance, internal IT standards and best practices, project, and project portfolio management processes), ensuring that IT is properly aligned with Technicolor’s strategic objectives. This IT organization leverages the IT 3-year Plan to ensure that proposed new technology and applications are planned and executed in a rational and holistic manner; the plan encompasses both technical and business process impacts and encourages use across the corporation.

SECURITY OF PEOPLE AND ASSETS, INCLUDING CYBERSECURITY
[103-1 Customer privacy] [103-2 Customer privacy] [103-3 Customer privacy]

Security is a key priority and an overall enterprise topic that affects each of our Business groups in different ways. For Entertainment Services, Studios assign their projects only to companies that meet their content security standards. Technicolor’s facilities and digital networks must pass customer-initiated security audits to win new contracts and to maintain client relationships. The TSO (Technicolor Security Office) plays a strong role in preparing and assisting in such audits. Security is also important for the Connected Home business. As devices are increasingly open and complex, they are exposed to greater security risks. Security can be a real market differentiator. TSO helps Connected Home to deliver secure devices to their customers, and to adapt its product security posture to current threat levels.

As such, the TSO was established in 2011 to define the Security Strategy at the Group level. Led by the Chief Security Officer, the TSO establishes priorities, defines best practices, monitors current implementations, develops common metrics, and promotes the security tools for the Group. The key areas of focus for the TSO are physical, digital, and business security, which are all covered as part of a Security 3YP that is organized around four main pillars: Protect, Detect, Respond & Recovery. Each pillar contains categories of initiatives (42 in total) that highlight the key areas of focus and progress.

A cross-functional security team is in place and is the main contributor in executing the 3YP. This team is comprised of: TSO-Assessment Team (AT), TSO-Physical Security, Content Security, Security Operating Center (SOC), Security and Governance, Risk and Compliance (GRC), and Business/Product Security. The TSO-AT acts as internal security assessors and advisors. The TSO-Physical Security team establishes standards, conducts assessments, and manages the global incident management processes. The Content Security team provides assistance and guidance across all Technicolor Creative Studios sites for all security initiatives. The Security Operating Center (SOC) manages day-to-day security elements (tools, process, and data). The GRC arm of the TSO manages policies, the global awareness program, tools, vendor assessments and the design of new processes and/or policies, as needed. The Product Security organization establishes policies, procedures, and best practices around security for the product development lifecycle.

The Group Security program is governed through a dedicated Security Steering Committee including each Business Head, Head of HR, IT and TSO representatives. The Security Steering Committee meets at least twice during a twelve (12) month period. Business division/overall program security reviews take place on a quarterly basis. In 2021, over 268 site security audits were conducted across the global perimeter. These audits were performed using a combination of the internal TSO Assessment team and external audits conducted by customers, studios, MPAA and other security organizations. All audit findings have been incorporated into the 3YP and are prioritized based upon risk.
In addition, following the Schrems decision by the European Court of Justice, the TSO has acted as the central coordination point for the remediation of the internal legal framework to reinforce the Security clauses applicable to our providers related to EU data privacy and ensure GDPR compliance. The TSO also ensures other relevant privacy laws and regulations are complied with.

Employee Awareness & Safety: For all employees, security-conscious behavior is key. As such, within the GRC arm of the TSO, a formal awareness program was developed to include an on-line training program (GEM), with courses selected annually by the security working teams and with compliance tracking metrics, as well as security videos and communications sent globally on key relevant topics (such as phishing, password management, etc.). These programs are regularly reviewed as part of external audits conducted by customers.

Regarding travel and employee safety, updates to the process were made and administrative responsibilities were expanded to better respond to critical incidents. A supplemental procedure exists for travel to high-risk countries. An employee safety program has been established with an industry leader that enables alerts and communication to employees who are traveling or are situated near or at a location where an incident such as an earthquake, fire, social disturbance, etc. has been reported.
