
D Corporate Responsibility

D.4 Ethical excellence in Atos’ sphere of influence

Trusted partner for your Digital Journey


Asset Protection

D.4.1.3

A comprehensive approach to the protection of assets

Atos Group security organization has a set of 50 Global Security and Safety policies, standards and guidelines. The Atos Group security policies are mandatory and binding for all Atos entities and employees in order to guarantee the safety and the security of Atos internal and external (i.e. “Customer related”) business processes. They apply to all staff, contractors and consultants throughout the Atos organization.

The Atos Group Safety and Security policies encompass the protection of all Atos assets, whether owned, used or held in custody by Atos (information, intellectual property, sites, network, personnel, software and hardware).

The main Atos security policies are part of the Atos “Book of Internal Policies”:

AP90 Atos information Security Policy;

AP91 Atos information Classification Policy;

AP92 Atos Safety Policy;

AP96 Atos IT acceptable use Policy.

In addition, Atos has put in place measures and policies to protect its intellectual property assets and confidential information, including, but not limited to, the use of confidentiality agreements, encryption and logical and physical protection of information where required.

Furthermore, the Atos Legal, Compliance and Contract Management department advises on all commercial transactions so as to ensure that appropriate provisions are included in its contracts with customers and suppliers and that confidential matters are appropriately dealt with and in compliance with applicable laws.

Security management system, organization and governance

Atos’ Information Security Management System (ISMS), built in 2001, is mandated across all the Group Business Units and Divisions. The Security organization is aligned with the continuous improvement cycle related to this ISMS. Planned enhancements to the ISMS include a single set of security policies that are harmonized across all areas of Atos Worldwide and will be:

written in clear English, at a level that allows Atos staff worldwide to understand and comply with;

consistent in structure & terminology;

easy to use & maintain.

This will be supported by a streamlined document review and approval process.

Following 2013 initiatives, Security organization and governance continued to be reinforced in Atos Divisions (e.g. Infrastructure & Data Management and Business & Platforms Solutions) as well as further assignment or set up of Security Management teams and roles to address specific areas (e.g. creation of a Computer Security Incident Response Team). Group security Governance is structured around weekly calls under the responsibility of the Group Chief Security Officer – Head of Security, with all Group and Business Units security officers, representatives from all Atos entities.

During weekly calls, Chief Security Officers (CSO) from all parts of the Group organization work together on:

tracking all decisions and actions around security;

reviewing all the security events and security incidents of global interest;

reviewing results of all the vulnerability scanners running since the second semester of 2013 on all categories of Atos networks (Internet, Intranet, production environments);

improving the security management system.

The Group’s main certifications regarding security include: ISO 27001, ISAE 3402 and PCI/DSS for “Worldline” (payments industry).

Security key performance indicators and reporting

From a security performance management perspective, Atos is monitoring the deployment of ISO27001 at all the Atos business activities.

In 2016, the External Certifier (Ernst and Young) audited a total of 19 locations in the GBUs: Asia Pacific, Iberia, Middle East and Africa, Central and East Europe, France, Benelux and The Nordics, South America, Germany for selected Divisions for each chosen location. Atos performed 121 internal audits at further sites.

In addition to these high-level indicators, technical monitoring and reporting are in place to act proactively on security anomalies (weekly security watch analysis, monthly monitoring of firewall configurations, weekly vulnerability scans, yearly penetration tests, reviews of access rights, intrusion detection systems, and monitoring and logging of system events). All these measures are part of the Atos security framework [AO3].