Atos - Registration Document 2016

F Risks analysis [G4-14] F.2 Business risks [G4-13]

[G4-13] Business risks

F.2

Innovation and newofferings

F.2.1

In a context of rapid technological evolutions, rapid business loss of opportunities, but also to prevent accessing more neglect business model disruptions. Such risks may result in the there is a risk for IT companies to miss technological shifts or to transformation and emergence of (new) offers on the market, profitable or growing markets.

Scientific Community looking ahead for future trends, and a supervision of the Chief Technology Officer, which involves a In this domain, Atos has deployed a proactive strategy under the network of recognized “experts”. process (named “RAPID”) has been setup. monitoring R&D projects – for which a specific risk assessment The R&D investment committee is in charge of approving and

Technology and IT risks

F.2.2

IT system breakdowns could be critical both for the Group’s covering security and back-up systems and effective insurance and procedures to ensure the proper management of IT risks, services provided. The Group has implemented specific programs internal operations and its customers’ needs in respect of the cover. administrative and technical procedures for safeguarding and centers and Data Centers are specifically subject to extensive IT production sites, offshore development centers, maintenance supply breakdown or disruption, fire, regulation of extreme monitoring, covering physical and IT system access, energy temperature changes, data storage and back-up, contingency and disaster recovery plans. certified) for strengthening its defense capabilities and for system relying on ISO 27001 standard (which for most of it is Atos has also deployed an information security management preventing unauthorized access to information and systems.

security of data. An information breach in the system and loss of to conduct attacks on Atos systems that could compromise the However, the visibility of Atos and its clients may attract hackers confidential information (especially in payments activities) could operations than a hardware failure. The loss of confidential have a longer and more significant impact on the business damages. thus the loss of their business, as well as imposition of fines and information could result in losing the customers’ confidence and worldwide, coordinates remediation actions on a 24x7 basis Team) that centralizes all security events and security incidents has implemented a CSIRT (Computer Security Incident Response delay of reaction and enforce its cyber-security defenses, Atos forces and expertise. follow the sun while providing forensic and threat management In order to minimize the impact of security incidents, reduce

Trusted partner for your Digital Journey

230