Worldline - 2020 Universal Registration Document
EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Building customer trust with reliable, secured, innovative and sustainable solutions
Describe its current cyber-security posture
Describe its target state to align with industry best practices
Identify and prioritise opportunities for improvement
Assess progress toward the target state
Communicate among all stakeholders about cyber-security risk management
This Security Strategy is based on the NIST (National Institute of Standards and Technology) Cyber-security Framework. It is organised in five main functions that are defined below. All these functions form an operational culture and address the dynamic cyber-security risk.
Develop cyber-security risk management that enables Worldline to cover all dimensions of its systems, assets, data and capabilities and to prioritise its efforts.
Develop and implement the appropriate safeguards to avoid attacks or limit/contain the impact of a potential cyber-security event.
Develop and implement the appropriate activities to identify the occurrence of a cyber-security event.
Develop and implement the appropriate activities to take action regarding a detected cyber-security event and contain its impacts.
Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber-security event.
As part of the Enterprise Risk Management (ERM) and Operational Risk Management (ORM) processes, the QSRC department conducts and analyses regular security risk assessments. This risk analysis enables the Company to prioritise and refine its Security Strategy and the local cyber-security programmes, ensuring the control of the risk from an aggregated perspective.
Worldline main security objectives
Thus, Worldline Group security is focused on achieving the five following commitments:
Core Worldline security principles | Main commitments and actions
Consistency in high standards application of standards and regulations | Maintain a full coverage of security certifications and adapt to new cyber-security requirements coming from regulators
Prevention to avoid attacks | Train WL employees yearly regarding cyber-security threats in order to strengthen and maintain data security awareness
Detection and analysis to address security incidents | Adaptive security framework able to optimally and dynamically respond to any cyber-threat that may lead to data, service or reputational damage
Improvement to avoid re-occurrence | Continue to keep incident resolution at 100% consistent with our security policy. Incidents are reported and root causes are well understood in order to avoid re-occurrence
Reporting to monitor our performance | Achieve defined Security Key Performance Indicators.
● Maintain a full coverage of security certifications and adapt to new cyber-security requirements coming from regulators.
Worldline was engaged in an ISO 27001 Multi-Site Certification (MSC) programme with Atos group until the end of 2019. A Worldline standalone MSC programme has been defined to cover ISO standards 9001, 14001 and 27001. This multisite approach ensures that Worldline has a homogeneous approach regarding certifications on ISO standards. Therefore, it uses the same policies and processes across the whole Company. This will ensure that it can provide a consistent level of quality and security for all services that it is providing, independently of the country