Worldline - Registration Document 2016

Corporate and social responsibility report Annex III - Building client’s trust with fully available and secured platforms and reinforcing value for clients

A.2.1.3.2 Industry 4.0: Robust business IT infrastructure [WL1]

Data Protection Procedures

As “privacy by design” drives data protection at Worldline, the second pillar is constituted of procedures which are also described in the Atos group Data Protection Policy. These procedures ensure that privacy is embedded in all processing of personal data made by Worldline on its behalf or on behalf of its customers. Thus, in 2016, Worldline did not receive any complaints regarding breaches of customer privacy [GRI 418-1].

Reported security incidents provide the basis for a thorough root cause analysis supporting the continuous improvement of risk mitigating measures.

Thanks to proactive and regular Security Risk Assessments, the existing risks should be remediated to the agreed upon residual risk level. Nevertheless, the in-place remediation might not be as effective as intended, or the outcome of the security risk assessment might have been based on wrong assumptions. It might as well be that new threats and attack vectors are evolving which all of a sudden negatively impact Worldline’s information security. So reporting and recording Security Incidents, supported by sound root cause analysis, helps to keep existing risk mitigation at the right level and provides valuable input for the regular Security Risk Assessments. This practice gets even more valuable in the international context in which Worldline is providing its services to customers around the globe.

Weekly calls between the Worldline Chief Security Officer and all regional Security Officers ensure tight monitoring of Security Incident registration and follow up on agreed upon improvement actions.
To secure and support this, the Worldline Chief Security Officer initiated in 2016:

● Global set-up and rollout of one Incident Ticketing Solution;
● Training to all Worldline Security Officers in using this Incident Ticketing Solution;
● Hands-on workshop in using the Incident Ticketing Solution;
● Reviewed and updated the existing Security Incident Handling Policy;
● Improved the handling of incidents related to actual or announced (e.g. via blackmail) DDoS attacks.

Robust business IT infrastructure

Worldline delivers its customer services through redundant state of the art platforms. In 2016, Worldline’s services availability rate was over 99.88% for SIPS Solution, highlighting a secured and robust platform [WL1].

Worldline provides services with its own IT infrastructure solutions. This strategy gives the Company all the necessary levers to minimize the delivery impacts on costs and environment, with a special focus on Green datacenter.

Platforms’ robustness

Worldline provides to its customers the delivery of highly available services. These strong levels of availability are achieved by including redundancy at multiple levels: robust base hardware (redundant components, RAID…), sub-services running on several distinct servers, servers located in separate datacenters, datacenters located in different countries. This design allows a high global resiliency, preventing a single element outage from generating an unavailability of the global service. Worldline integrates the high availability requirement at the earliest design step of all platforms.

In practice, this is implemented by traffic load-balancing (active-active) or failover (active-passive) on multiple sites. In case of breakdown, traffic is directed to another available site, ensuring that users always reach an available service. Similar redundancy principles are applied for servers, databases and storage, to avoid any single point of failure. Data replication ensures that business continuity can be achieved, with several technologies available depending on the RTO/RPO (Recovery Time Objective/Recovery Point Objective).

Regular tests are conducted for each key component of our infrastructure to verify the redundancy effectiveness and the robustness of the platforms.

Security is at the heart of Worldline’s systems and therefore security audits, penetration tests and scans are regularly performed on its platforms. Moreover, a patching process is in place to cover the security breaches detected by software vendors or open-source community. This is reflected in our diverse security certifications (PCI, ISO 27001, TÜV IT).

In order to optimize the infrastructure’s efficiency, Worldline has implemented a worldwide technical operational organization to benefit the most from shared international infrastructures (datacenters, internet, storage, virtualization etc.). Worldline is able to deliver scalable and evolving solutions at an optimized cost through its implementation of a high level of standardization and industrialized infrastructure services.
