BPCE_REGISTRATION_DOCUMENT_2017

SOCIAL, ENVIRONMENTAL AND SOCIETAL INFORMATION Sustainable and responsible value creation

In 2017,IT System Security risk mapping was expandedto include: operational availability of the group’s Archer IT System Security ● risk-mapping platform to group companies; convergence of standards in the IT System Security function; ● coordination withOperational Risks. ● The Group Security division (DS-G) also took over responsibilityfor overseeingthe groupwideimplementationof EuropeanData Protection Regulation(EDPR)requirements.Twelveprojectswereidentifiedfor this purpose (overall organizationand standards,creation of a consistent dataprocessingregister,incorporationof EDPRrequirements in projects, training and awareness-raising, etc.).

Group projects aimed at reducingrisks in its field. As a contributorto the permanentcontrol system, the Group Head of Security reports to the Compliance, Security and Operational Risks division. Within the central institution, the Group ISS division also maintains regular contact withthe Inspection Générale division. Anti-cybercrime mechanisms A number of initiatives aimed at enhancing anti-cybercrime mechanisms were continued in 2017: reinforced application access controls; ● reinforceddetectionof atypicalflows and events in the information ● systems (cyberattack detection); employee education on cybersecurity (Serious Game – IT Security ● training campaign, phishing, acclimationof new hires, etc.). Detailed information on IT security is provided in Chapter

Organization

Created on September 1, 2017, the DS-G establishes and adapts Group IT System Security policies. It provides continuous and consolidated monitoring of information system security, along with technical and regulatory monitoring. It initiates and coordinates

3 of the

registration document.

6

563

Registration document 2017