Worldline - 2020 Universal Registration Document

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Building customer trust with reliable, secured, innovative and sustainable solutions

Describe its current cyber-security posture

Describe its target state to align with industry best practices

Identify and prioritise opportunities for improvement

Assess progress toward the target state

Communicate among all stakeholders about cyber-security risk management

This Security Strategy is based on the NIST (National Institute of Standards and Technology) Cyber-security Framework. It is organised in five main functions that are defined below. All these functions form an operational culture and address the dynamic cyber-security risk.

Identify

Protect

Detect

Respond

Recover

Develop a cyber-security risk management that enables Worldline to cover all its systems, assets, data and capabilities dimensions and prioritise its efforts.

Develop and implement the appropriate safeguards to avoid attacks or limit/contain the impact of a potential cyber-security event.

Develop and implement the appropriate activities to identify the occurrence of a cyber-security event.

Develop and implement the appropriate activities to take action regarding a detected cyber-security event and contain its impacts.

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber-security event.

As part of the Enterprise Risk Management (ERM) and Operational Risk Management (ORM) processes, the QSRC department conducts and analyses regular security risk assessments. This risk analysis enables the Company prioritising and refining its Security Strategy and the local cyber-security programmes ensuring the control of the risk from an aggregated perspective. Worldline main security objectives Thus, Worldline Group security is focus to achieve the five following commitments:

D

Core Worldline security principles Main commitments and actions

Consistency in high standards application of standards and regulations Maintain a full coverage of security certifications and adapt to new cyber-security requirements coming from regulators

Prevention to avoid attacks

Detection and analysis to address security incidents Adaptive security framework able to optimally and dynamically respond to any cyber-threat that may lead to data, service or reputational damage

Improvement to avoid re-occurrence Continue to keep incident resolution at 100% consistent with our security policy. Incidents are reported and root causes are well understood in

Reporting to monitor our performance

Train WL employees yearly regarding cyber-security threats in order to strengthen and maintain data security awareness

Achieve defined Security Key Performance Indicators.

order to avoid re-occurrence

Maintain a full coverage of security certifications and ● adapt to new cyber-security requirements coming from regulators. Worldline has been engaged in an ISO 27001 Multi-Site Certification (MSC) programme with Atos group until end 2019. A Worldline standalone MSC programme has been defined to cover ISO standards 9001, 14001, 27001. This multisite approach ensures that Worldline does

have a homogeneous approach regarding certifications on ISO standards. Therefore, it uses the same policies and processes in all the Company. This will ensure that it can provide a consistent level of quality and security for all services that it is providing, independently of the country

or site.

Universal Registration Document 2020

121