Activity and sustainability report 2023

5. In addition, the Strategic Suppliers Department regularly assesses the CSR performance of the suppliers it manages. The Group uses the EcoVadis reference system for this purpose, an independent platform for evaluating suppliers with regard to sustainability and social responsibility. It is based on four pillars: environment, social and human rights, business integrity and responsible purchasing. Each company is also evaluated on specific issues depending on its size, location and sector of activity. In 2023, 49% of the suppliers asked to answer the EcoVadis questionnaire were evaluated, i.e., around 100 suppliers. With an average score of 65/100, their performance is higher than the average worldwide score of 45/100 reported by EcoVadis. Any suppliers who score less than 45/100 overall or on one of the EcoVadis pillars are required to present a corrective action plan. 5.3 Data protection In view of the increasing digitalization of processes and the sharing of sensitive information with its customers, GEODIS is constantly adapting its prevention, detection and protection capabilities for its IT systems. The Group may be confronted with risks of hacking, malicious use of information systems or theft of confidential information. Particular attention is paid to these threats: any disruption to operations or loss of sensitive data could have a significant impact on its business and its reputation. GEODIS is determined to control the risks relating to the data it handles and to its processing systems, whether they are dedicated to production resources or to its own operations. Substantial resources, steadily increasing since 2010, are devoted to this area in recognition of the rapid growth in the global panorama of cyber threats and the crucial importance of the Group’s infrastructures in serving its ecosystem. The cybersecurity function, which reports to the Management Board, implements a global strategy in all regions where the Group operates, irrespective of the line of business involved. Governance is established through: ● a matrix organization consistent with the corporate structure; ● risk analyses and ad hoc risk mitigation measures; ● a general IT security policy, incorporated into the Group’s Book of Business Principles; ● specific policies in line with benchmark standards in this area; ● a “security by design” approach, which ensures that security requirements are included in the design phases of services and products rolled out by the Company as part of its digital transformation. 2023 ACTIVITY AND SUSTAINABILITY REPORT - 87 EDITORIAL > 1. PROFILE AND AMBITION > 2. CSR POLICY > 3. ENVIRONMENT > 4. SOCIAL > 5. ETHICS > 6. TABLE OF INDICATORS

RkJQdWJsaXNoZXIy NzMxNTcx