Worldline - 2020 Universal Registration Document

D

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Building customer trust with reliable, secured, innovative and sustainable solutions

In 2020 Worldline completed a first round of Life Cycle environmental footprint. The first initiative is internal and aims Assessment (LCA) for card payment transaction. LCAs are at supporting the adoption of an eco-design approach. The rather common in the product manufacturing industry but only second is aimed at the whole payment ecosystem a couple of those have been done up until nowo n payment stakeholders. The third is aimed at supporting the eco-design services and none had been initiated by a private company. community through R&D activities. The LCA enables Worldline Worldline Labs and the Expert community gathered to support to be identified and make our voice heard by the regulator, this initiative by helping to determine the functional scope; by industrial and academic community driving the trend to a more identifying the functional and technical workflowo f responsible digital world. With this project, Worldline confirms transactions and by assessing together with the auditor the its role as an innovative and leading actor in the eco-design of quality of data collected. The outcome of this study should payment solutions. now nourish several initiatives to reduce payment

Ensure system security, reliability & business continuity D.2.3

A comprehensive and resilient Security Strategy D.2.3.1

Worldline Group security objectives D.2.3.1.1 and policy There are multiple factors indicating that the security threat landscape is continuously changing: Attack surface is expanding (endpoints, networks, mobile ● devices, internet of things, cloud systems, industrial systems, etc.); Attack actors are increasingly structured (insiders, ● hacktivists, organised crime, nation sponsored, etc.); Attack vectors are more targeted and complex ● (ransomware, cross-platform malware, IoT botnet, swiftboating/hoax, watering hole, spear phishing, DDoS smokescreening, etc.). To respond to the development of new digital usages and their inherent risks in terms of cyber-security, Worldline has reinforced in 2019 and 2020 its governance and management processes to fight against cyber-attacks and data breaches 1 . Worldline Global Information Security Management System (ISMS) Since the end of 2019, Worldline Group Security has become fully independent from Atos group, which led to redefining and implementing a new centralised and harmonised Global Information Security Management System (ISMS), dedicated to Worldline activities and compliant with the

ISO 27001:2013 standard as well as regulations such as PSD2 and GDPR. An ISMS is a systematic approach to managing the Company information through a set of security policies and processes so that it is managed as required by the applicable security level. It includes people, processes and IT systems by applying a risk management process. The main goal of this ISMS cover the protection of all of Worldline’s assets, whether owned, used or held by Worldline on behalf of its customers (information, intellectual property, sites, network, personnel, software and hardware). In 2019, Worldline updated its Policies, Standards, Processes and Procedures to cover the objectives of the ISMS. In 2020, this global ISMS has been successfully implemented across all Worldline entities. Worldline Group security is managed by the Quality, Security, Risk, Compliance (QSRC) department within the Technology & Operations Office. Worldline Global ISMS also incorporates a Physical Security and Safety Policy which sets out rules and procedures to minimise inappropriate behaviour inside and outside Worldline. Worldline Security Strategy Worldline Security Strategy is a high level vision on how Worldline addresses cyber-threats. This global framework is implemented at Business Line level through customised cyber-security programmes. The objective of Worldline Security Strategy is to provide a common taxonomy and methodology to:

1 The very structured security organisation that has been strengthened recently following the Ingenico acquisition.

120

Universal Registration Document 2020