Worldline - 2019 Universal Registration Document

D

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Building customer trust with reliable, secured, innovative and sustainable solutions

Worldline Security Strategy Worldline Security Strategy is a high level vision on how Worldline addresses cyber threats. This global framework is implemented at each managerial unit level through customized cybersecurity programs. The objective of Worldline Security Strategy is to provide a common taxonomy and methodology to:

Describe its current cybersecurity posture

Describe its target state to align with industry best practices

Identify and prioritize opportunities for improvement

Assess progress toward the target state

Communicate among all stakeholders about cybersecurity risk management

This Security Strategy is based on the NIST (National Institute of Standards and Technology) Cybersecurity Framework. It is organized in five main functions that are defined below. All these functions form an operational culture and address the dynamic cybersecurity risk.

Identify

Protect

Detect

Respond

Recover

Develop a cybersecurity risk management that enables Worldline to cover all its systems, assets, data and capabilities dimensions and prioritize its efforts.

Develop and implement the appropriate safeguards to avoid attacks or limit/contain the impact of a potential cybersecurity event.

Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

Develop and implement the appropriate activities to take action regarding a detected cybersecurity event and contain its impacts.

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

As part of the Entreprise Risk Management processes, the Security, Risk, Compliance and Operational Performance department conducts and analyzes regular security risk assessments. This risk analysis enables the Company to prioritize and refine its Security Strategy and the local cybersecurity programs ensuing. Worldline main security objectives Thus, Worldline Group security is focus to achieve the five following commitments:

Core Worldline security principles

Consistency in high standards application

Prevention to avoid attacks

Detection and analysis to address security incidents Consolidate and extend the services related to Security Operation Center (SOC)

Improvement to avoid re-occurrence

Reporting to monitor our performance

Main commitments and actions

Maintain a full coverage of

Train 100% of its employees yearly regarding PCI-DSS

Continue to respond to incidents

Achieve defined Security Key Performance Indicators.

ISO 27001 Security certification across Worldline

consistently with the security policy to understand root causes and avoid re-occurrence

108

Universal Registration Document 2019