technicolor - 2019 Universal registration document

RISKS, LITIGATION, AND CONTROLS RISK FACTORS

PRODUCTS DEVELOPMENT AND CYBERSECURITY



GRI [103-1 Customer privacy] [103-2 Customer privacy] Risk identification

Risk monitoring and management

The Connected Home segment develops productvs and services based on its customers’ specifications and commits contractually on a release date. Connected Home has oriented its strategy and investment plans based on the Group’s expectations regarding the development of its markets and corresponding technologies. Some developments may become more expensive or take a longer time than initially planned due to unexpected challenges in the development cycle, potential quality issues linked to the technological complexity of the products, resource constraints or dependency on third parties deliveries. In addition, the segment’s products may be vulnerable to hacking or other types of malicious attacks. As the threat against the Internet of Things (IoT) includes massive scale attacks leveraging this type of permanently connected devices, the segment might be exposed to unanticipated liabilities or extra cost for remediation or compensations of prejudices. Failure to address these threats is likely to expose the Group to significant financial burden, legal liability, loss of reputation and loss of revenue.

To manage this risk and keep up to date on market trends and influence the industry, Connected Home monitors detailed market indicators to regularly review its market forecasts and the corresponding technology evolutions. The centers for product development or implementation of services include quality assurance functions that are responsible for establishing and measuring suitable quality indicators and developing action plans to improve the quality of the products and services. These quality programs include short and medium-term improvement plans developed from quality studies with customers. These programs are also developed with the segment’s main solutions and component suppliers and their effectiveness is assessed through quality audits. The projects are managed through a methodology defined and enforced in order to monitor systematically the product life cycle. The main milestones of the projects are subject to management review to address any issue and the main project risks. In addition, a project quality plan is defined to secure the quality of the project delivery. To ensure high security standards, a security approval procedure is in place for the new products delivered by the Connected Home Segment. This procedure is part of the product development project management methodology. Once products are delivered, an incident response procedure is in place to support customers. This procedure includes a vulnerability disclosure protocol, to allow security researchers to report such weakness on Connected Home products and allow to address risk before public disclosure and/or materialization of the risk. The assessment and management of cyber risks is an important activity that the Group regularly invests in to ensure that it can adapt technically to the complexity of cyber threats. Overall in 2019, Technicolor supported 153 security audits, including IT and Internal Audits.

3

57

TECHNICOLOR UNIVERSAL REGISTRATION DOCUMENT 2019