A

Corporate and social responsibility report

Annex III -

Building client’s trust with fully available and secured platforms and reinforcing value for clients

287

Worldline

2016 Registration Document

Data Protection Procedures

customers. Thus, in 2016, Worldline did not receive any

complaints regarding breaches of customer privacy [GRI 418-1].

procedures ensure that privacy is embedded in all processing of

personal data made by Worldline on its behalf or on behalf of its

second pillar is constituted of procedures which are also

described in the Atos group Data Protection Policy. These

As “privacy by design” drives data protection at Worldline, the

risk mitigating measures.

Reported security incidents provide the basis for a thorough

root cause analysis supporting the continuous improvement of

effective as intended or the outcome of the security risk

assessment was based on wrong assumptions. It might as well

existing risks should be remediated to the agreed upon residual

risk level. Nevertheless, the in-place remediation might not be as

Thanks to proactive and regular Security Risk Assessments the

be that new threats and attack vectors are evolving which all

over sudden negatively impact Worldline’s information security.

services to customers around the globe.

Security Risk Assessments. This practice gets even more

valuable in the international context Worldline is providing its

at the right level and provides valuable input for the regular

So reporting and recording Security Incidents supported by

sound root cause analysis helps to keep existing risk mitigation

regional Security Officers ensure tight monitoring of Security

Incident registration and follow up on agreed upon

Weekly calls between the Worldline Chief Security Officer and all

improvement actions.

initiated in 2016:

To secure and support this, the Worldline Chief Security Officer

Global set-up and rollout of one Incident Ticketing solution;

●

Incident Ticketing Solution;

Training to all Worldline Security Officers in using this

●

Hands on workshop in using the Incident Ticketing Solution;

●

Reviewed and updated the existing Security Incident

●

Handling Policy;

Improved the handling of incidents related to actual or

●

announced (e.g. via black mailing) DDoS attacks.

infrastructure

[WL1]

Industry 4.0: Robust business IT

A.2.1.3.2

Robust business IT infrastructure

and robust platform [WL1].

state of the art platforms. In 2016, Worldline’s services availability

rate was over 99,88% for SIPS Solution highlighting a secured

Worldline delivers its customer services through redundant

solutions. This strategy gives to the Company all the necessary

levers to minimize the delivery impacts on costs and

Worldline provides services with its own IT infrastructure

environment, with a special focus on Green datacenter.

Platforms’ robustness

Worldline provides to its customers the delivery of highly

element outage to generate an unavailability of the global

service. Worldline integrates the high availability requirement at

datacenters, datacenters located in different countries. This

design allows a high global resiliency, preventing a single

hardware (redundant components, RAID…), sub-services running

on several distinct servers, servers located in separate

available services. These strong levels of availability are achieved

by including redundancy at multiple levels: robust base

the earliest design step of all platforms.

In practice, this is implemented by traffic load-balancing

(active-active) or failover (active-passive) on multiple sites. In

Time Objective/Recovery Point Objective).

ensures that business continuity can be achieved, with several

technologies available depending on the RTO/RPO (Recovery

redundancy principles are applied for servers, databases and

storage, to avoid any single point of failure. Data replication

case of breakdown, traffic is directed to another available site,

ensuring that users always reach an available service. Similar

robustness of the platforms.

infrastructure to verify the redundancy effectiveness and the

Regular tests are conducted for each key component of our

Security is at the heart of Worldline’s systems and therefore

diverse security certifications (PCI, ISO 27001, TÜV IT).

place to cover the security breaches detected by software

vendors or open-source community. This is translated in our

security audits, penetration tests and scans are regularly

performed on its platforms. Moreover, a patching process is in

able to deliver scalable and evolving solutions at an optimized

cost through its implementation of a high level of

benefit the most from shared international infrastructures

(datacenters, internet, storage, virtualization etc.). Worldline is

standardization and industrialized infrastructure services.

implemented a worldwide technical operational organization to

In order to optimize the infrastructure’s efficiency, Worldline has