WORLDLINE_REGISTRATION_DOCUMENT_2017

F

Risk Factors [GRI 102-15] and [GRI 102-11] Riskmanagement activities

Logging and monitoring: logging mechanisms and the ● ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. Therefore, the presence of logs in all environments allows for thorough tracking, alerting, and analysis when something does go wrong; Security systems and processes testing: regular security ● tests are performed, including the detection of unauthorized wireless access points, internal and external network vulnerability scans, intrusion-detection systems and file-integrity monitoring tools.

The annual performance of the Group’s operational risk management process, supervised by the Operational Control division, analyzes security-related threats and vulnerabilities in order to avoid an unwanted increase in risk exposure. A formal security awareness program is maintained to ensure that all personnel are aware of the importance of cardholder data security. On a yearly base, all employees of the Group have to attend this program and to acknowledge that they have read and understood the security policy and procedures of the Group. Incident response plans are developed and deployed in order to be prepared to respond immediately in the event of a system breach.

Insurance

F.5.3

The Atos group’s management coordinates the Group’s policy with respect to insurance and is tasked with identifying the principal insurable risks and quantifying their potential consequences. The Group is insured under a series of policies maintained by the Atos group with internationally recognized insurance and reinsurance companies, covering its liabilities at levels that the Group believes are appropriate. In 2017, the total cost of its global insurance programs represented approximately 0.2% of the Group’s revenue (based on the price of coverage). The Group’s entities are covered by the insurance policies maintained by the Atos group, under which they are insured parties. These policies include general professional liability (responsabilité civile professionnelle) and operational and business interruption liabilities (dommages/pertes d’exploitation). After the listing of the Company’s shares on Euronext Paris, the Group continues to be covered under these insurance policies (in particular the policies maintained through the reinsurance company wholly owned by the Atos group). The largest Atos group insurance policies under which the Group is covered are centrally negotiated by the Atos group. The general professional liability policy is renewed on January 1 st, and the operational and business interruption liability policy is renewed on July 1 st . In 2018, these two policies were renewed

with coverage limits of € 200 million and € 150 million, respectively. The Group is insured under certain other policies covering other insurable risks for an amount adequate for the risks incurred, taking into account the size of, and risks incurred by, the Group. Deductibles are set at a level intended to encourage good risk management and to control premium costs. The Group also maintains policies required for regulatory reasons or to cover existing commercial premises, such as its credit risk policy, where the Group’s various entities incur specific risks. The Atos group formed a dedicated reinsurance company, which it wholly owns. This reinsurance company covers the Group’s entities in respect of certain portions of the general professional liability and operational and business liability policies. The insured risks are also monitored by the subscription committee of the reinsurance company owned by the Atos group, which ensures that capital and technical reserves are sufficient for the risks incurred and seeks a satisfactory level of diversity in reinsurers. The Committee also performs studies and analyses on a regular basis to verify the adequacy of the Group’s insurance coverage.

282

Worldline 2017 Registration Document