5. 5.3 Data protection and cybersecurity Issues and impacts The Group’s digital transformation and the growing number of digital exchanges with its many partners are increasing the risks of hacking, cyber-attacks and malicious use of information systems. As a trusted digital partner, GEODIS is committed to continuously adapting and improving its technical and organizational posture, whether preventive or responsive, in order to guard against any major interruption to its activities or breach of data confi dentiality that could impact third parties, or its own operations or reputation. Governance The Group’s Information Systems Security Department works closely with the Management Board. It implements a comprehensive, overarching strategy in France and internationally, independently of the lines of business concerned. This department works with the Data Protection Offi ce, which defi nes and oversees the implementation of protection rules. Policies and procedures The rules and principles established by the Group in terms of information systems security must be respected by all lines of business and regions, as well as by local regulations in force. The Group relies on a network of committed partners and a signifi cant range of solutions to secure exchanges, maintain employee vigilance and work towards the most widely recognized international security standards (NIST, ISO 27001). The following have been implemented: ● a general IT security policy, incorporated into the Book of Business Principles; ● specifi c policies in line with the appropriate benchmark standards; ● a “security by design” approach, which ensures that security requirements are included in the design phases of services and products rolled out by GEODIS as part of its digital transformation; ● internationally acknowledged security certifi cations in key business areas; ● risk analyses and ad hoc mitigation measures. Action plan The Group’s data and asset protection roadmap is supported by the following means and resources: ● identifi cation of risks by classifying assets, partners and potential threats that could impact the confi dentiality, availability or integrity of data; ● protection of assets and promotion of cyberculture by regularly raising awareness among users, who are the primary players in the Company’s security, through training and attack simulation campaigns. Over 30,000 users take part every month; ● detection of possible compromises on over 35,000 active devices, and a Vulnerability Operation Center to continuously reduce the attack surface; ● the means of responding to alerts and incidents, represented by its Security Operation Center and intervention teams around the world, providing 24/7 coverage; ● crisis procedures and exercises to manage potential major incidents more smoothly. GEODIS recognizes the increasingly prominent role played by artifi cial intelligence (AI) in its functions and lines of business, and is committed to a global governance of data to guarantee ethical, transparent and compliant use of AI in its various regions and regulated environments. 5.3.1 Personal data Issues and impacts Ensuring cybersecurity and data protection is crucial for companies in the logistics sector. The data generated by their activities is an invaluable asset, ensuring that operations run smoothly, deadlines are met and costs are optimized in real time. Ensuring the confi dentiality, availability and integrity of customer, supplier and partner data is critical. An effective data protection strategy not only prevents data loss, theft and corruption, but also keeps damages in the event of a cyberattack to a minimum. This dependence on information systems also exposes the Group to risks of non-compliance with regulations on a global scale, which could potentially lead to substantial fi nes and reputational damage. To limit this risk, GEODIS has set up a dedicated governance structure, a set of tools and awarenessraising campaigns to increase employee vigilance with regard to data management. The process of identifying the impacts, risks and opportunities of the protection of personal data in relation to GEODIS’s business model and strategy is presented in section 2.6 of this report. 2024 ACTIVITY AND SUSTAINABILITY REPORT - 91 EDITORIAL > 1. GROUP PROFILE > 2. GENERAL INFORMATION > 3. ENVIRONMENT > 4. SOCIAL > 5. ETHICS > 6. ANNEXES
RkJQdWJsaXNoZXIy NzMxNTcx