Sustainability Report - FY 2023

Social and societal information Consumers and end-users

7.9 Consumers and end-users

Policy

The increase in cyber threats against businesses represents a major risk in an increasingly digitised and dematerialised global context. The Group contributes to reducing malicious cyber-attacks, thus having a positive impact on data protection and the protection of healthcare systems, governments and companies. As a global leader in the distribution of cybersecurity products and services, Exclusive Networks must put in place a governance and organisation to protect against and respond to attacks. Exclusive Networks is committed to strengthening its resilience and implements risk management methodologies in accordance with ISO 27000 standards and the main international standards (see below, paragraph 7.9.2 “Protection of the information system”). This procedure complies with the best practices and rules defined by the ISO/IEC 27005:2022 standard - Information Security Risk Management, which deepens the general concepts of risk management specified in the ISO/IEC 27001 standard.

7.9.1 Governance and organisation of information systems security

The Information Systems Security Department relies on a multidisciplinary team as well as a centralised organisation, placed under the authority of the Chief Information Security Officer & Chief Technology Officer (CISO & CTO) composed of information systems security officers:

• the Global Security Operations Centre (GSOC) department in charge of managing security incidents throughout the Group, including local infrastructures and offices;
• this department has been bolstered by an external Managed Endpoint Detection & Response service, which monitors and responds to security incidents 24/7, and can initiate legal investigations if necessary;
• the Security Strategy & Governance (SSG) team was set up in 2023 with the aim of developing an operational model for IT security governance within Exclusive Networks (ISMS, AI Governance, Information Risk Management, etc.). The SSG is also responsible for the development and implementation of security strategies (device management, data security, etc.), access management and security identification and awareness.

All of these players thus contribute to securing the Group’s Information Systems as well as the exchange of information with customers, suppliers and more generally Exclusive Networks’ partners.

[Figure: Organisation of the security of Information Systems. Chart entries: Group Executive Committee; Chief Information Officer; Chief Information Security & Technology Officer (CISO & CTO); Global Security Operations Center (GSOC); Security Strategy & Governance (SSG); Digital Workplace; Digital Infrastructure; Service Delivery. Legend: component elements of the Cyberdefense council.]


Exclusive Networks SA

2023 Sustainability Report
