Worldline - 2019 Universal Registration Document

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Building customer trust with reliable, secured, innovative and sustainable solutions

Designing Green IT solutions D.2.2.3.2 If Worldline already addresses the energy efficiency of its data centers and the eco-design of its payment terminals (refer to this document Section D.5), the Research, Development & Innovation team with the Expert community and the CSR team, is working more specifically to develop energy-efficient software programming. Thus, this initiative has set up a technical offer around energetic measures of mobile applications thanks to the GreenSpector tool. Projects are carried out in this context to measure the energy consumption of a mobile application provided by Worldline as well as the autonomy of the payment terminals.

Besides, in 2019, the Expert community launched internally Worldline’s Golden Rules guidelines for coding to accompany its code quality analysis tool and thus better optimize code programming, together with the data transfer network. Worldline has also launched an initiative to measure the environmental impact of card payments through the Life Cycle Assessment (LCA) of a payment transaction. Performing a LCA is recognized globally as a key approach to identify direct and indirect impact of payment activities and reduce their environmental consequences. Worldline ambition for 2020 is to perform a LCA of face to face payments and of e-commerce payments, taking advantage of its end to end services, to thus identify the energy gains to be made.

Ensure system security, reliability & continuity D.2.3

A comprehensive and resilient Security Strategy D.2.3.1

Worldline Group security objectives D.2.3.1.1 and policy There are multiple factors that indicate that the security threat landscape is continuously changing: Attack surface is expanding (endpoints, networks, mobile ● devices, internet of things, cloud systems, industrial systems, etc.); Attack actors are increasingly structured (insiders, ● hacktivists, organized crime, nation sponsored, etc.); Attack vectors are more targeted and complex ● (ransomware, cross-platform malware, IoT botnet, swiftboating/hoax, watering hole, spear phishing, DDoS smokescreening, etc.). To respond to the development of new digital usages and their inherent risks in terms of cyber-security, Worldline has reinforced in 2019 its governance and management processes (in alignment with regulations such as PSD2 and GDPR) to fight against cyberattacks and data breaches.

Worldline Global Information Security Management System (ISMS) Since the end of 2019, Worldline Group Security has become fully independent from Atos group, which led to redefining and implementing a new centralized and harmonized Global Information Security Management System (ISMS), dedicated to Worldline activities and compliant with the ISO 27001:2013 standard. An ISMS is a systematic approach to managing sensitive company information through a set of security policies and standards so that it remains secure. It includes people, processes and IT systems by applying a risk management process. The main goal of this ISMS cover the protection of all of Worldline’s assets, whether owned, used or held by Worldline on behalf of its customers (information, intellectual property, sites, network, personnel, software and hardware). In 2019, Worldline has updated its Policies, Standards, Processes and Procedures to cover the objectives of the ISMS. Worldline Group security is managed by the Security, Risk, Compliance and Operational Performance department. Worldline Global ISMS also incorporates a Physical Security and Safety Policy which sets out rules and procedures to minimize inappropriate behavior inside and outside Worldline.

D

107 Universal Registration Document 2019