technicolor - 2018 Registration document

RISKS, LITIGATION, AND CONTROLS

INTERNAL CONTROL

PREPARATION OF FINANCIAL INFORMATION The Group’s financial information is prepared by the Finance Department. It is based on information reported through the Annual Reporting and consolidation processes and on operational and market information, which is specifically centralized for the preparation of the Company’s Registration Document. The latter is prepared jointly by the Finance Department and the General Secretary of the Company. The quarterly, half-yearly and annual financial information is reviewed by the Audit Committee and the Board of Directors. Prior to being published, the above financial information is also reviewed by members of the management team and senior managers within the Corporate Finance and Legal Departments, each for their respective fields. Other internal 3.3.5 control procedures The Chief Information Officer (hereafter the “CIO”) leads the Technicolor’s IT organization and is supported by a leadership team composed of senior IT and business managers. The managers either directly support each of Technicolor’s businesses or support shared service IT functions and applications used worldwide by the entire organization (Global Infrastructure & Risk Management, Information Security, Enterprise Applications and Corporate Functions). IT organizations collaborate closely with other internal security entities, such as the Technicolor Security Office (TSO), to align IT solutions, services and products with established security policies, procedures and best practices. These individuals are experienced IT professionals with a broad background and are well versed with the businesses and technologies they support. They ensure that the IT tools, services, and applications used by all Technicolor sites and businesses (e.g. e-mail, networks, phone systems, cloud platform evolution and operation, collaboration tools, video conferencing, web technologies, business intelligence tools, business and risk management tools and processes and the Technicolor Production Network) are operated and managed in an efficient, cost-effective, safe and secure manner. In addition, the IT organization provides Enterprise Architecture for new technologies, IT Vendor Management and Enterprise Project & Portfolio Management used to govern, regulate, and manage the IT organization (regulatory compliance, internal IT standards and best practices, project and project portfolio management processes) ensuring that IT is properly aligned with the corporation’s strategic objectives. This function leverages the IT 3-Year Plan to ensure that proposed new technology and applications are planned and executed in a rational, holistic manner that encompasses both technical and business process impacts and encourages use across the corporation. INFORMATION TECHNOLOGY SECURITY PROCEDURES GRI [103-2 Customer privacy]

SECURITY OF PEOPLE AND ASSETS, INCLUDING CYBERSECURITY GRI [103-1 Customer privacy] [103-2 Customer privacy] [103-3 Customer privacy]

Security is key priority and an overall enterprise topic that affects each of our Business Divisions in different ways. For Entertainment Services, Studios assign their projects only to companies that meet their content security standards. Technicolor’s facilities and digital networks must succeed customer initiated, security audits to win new contracts and to maintain client relationships. The TSO (Technicolor Security Office) play a strong role in preparing and assisting in such audits. Security is also important for the Connected Home business. As devices are increasingly more open and complex, they are exposed to greater security risks. Security can be a real market differentiator. TSO helps Connected Home to deliver secure devices to their customers, and to adapt its product security posture to current threat levels. For the Technology segment, confidentiality is essential to protect Technicolor’s patents. In general, our innovations, our sensitive information, our private data can be privileged targets for business intelligence. As such the TSO, was established in 2011 to define the Security Strategy at the Group level. Led by the Chief Security Officer, the TSO establishes priorities, defines best practices, monitors current implementations, develops common metrics and promotes the security tools for the Group. The key areas of focus for the TSO are physical, digital and business security which are all covered as part of a Security 3YP that is organized around four main pillars: Foundational, Protect, Detect and Respond & Recovery. Each pillar contains categories of initiatives (23 in total) that highlight the key areas of focus and progress. A cross function security team is in place being the main contributor in executing the 3YP. This team is comprised of: TSO-Assessment Team (AT), TSO-Physical Security, Content Security, Security Operating Center (SOC), IT Security and Governance, Risk and Compliance (GRC). The TSO-AT act as internal security assessors and advisors. The TSO-Physical Security team establish standards, conduct assessments and manage the global incident management processes The Content Security team provides assistance and guidance across all Production Services sites for all security initiatives. The Security Operating Center (SOC) manage day to day security elements (tools, process and data). The GRC arm of the TSO manage policies, global awareness program, tool and vendor assessments and the design of new processes and/or policies, as needed. The Group Security program is governed through a dedicated Security Steering Committee including each Business Heads, Head of HR, IT and TSO representatives. The Security Steering Committee meet at least twice a year.

3

61

TECHNICOLOR REGISTRATION DOCUMENT 2018