Table of Contents Table of Contents
Previous Page  107 / 330 Next Page
Information
Show Menu
Previous Page 107 / 330 Next Page
Page Background

CAPGEMINI: PEOPLE, CORPORATE SOCIAL RESPONSIBILITY (CSR) AND BUSINESS ETHICS

3.1 Our approach

3

107

Registration Document 2016 — Capgemini

Integration of former IGATE employees

specific E&C e-learning modules described above (Code of

Chief Ethics & Compliance Officer in February. Secondly, the three

communication and learning activities.

employees were incorporated into the regular Group E&C

Laws Policy) were assigned to them. Thirdly, former IGATE

Business Ethics, Group Anti-Corruption Policy, Group Competition

into this Program. Firstly, an updated Code of Business Ethics

Program has been on the integration of former IGATE employees

During 2016, the main focus for the Group Ethics & Compliance

was communicated to all of them by top management and the

considerably. While efforts are ongoing, this already represents a

completed each of the 3 E&C e-learning modules has increased

Group employees (Capgemini + former IGATE) that have

significant achievement for the whole organization.

30,000 former IGATE employees in 2016, the total percentage of

hours of training. Year over year, while integrating more than

by former IGATE employees in 2016, representing around 50,000

More than 80,000 E&C e-learning sessions have been completed

concerns

procedure for requesting advice and raising

Raising concern procedure: a dedicated

Group operates, in accordance with applicable legislation.

RCP is applied on a case-by-case basis in the countries where the

for dealing with individual grievances are not applicable, the

discussing the matter with his/her manager or if other procedures

not resolved by the manager, or if the employee is not comfortable

discuss the matter first with his/her local manager. If the issue is

directly from the CECO in Paris. In operation since late 2013, the

guidance on appropriate action from the local GC-ECO, or even

Procedure (RCP). Employees may in this way seek advice and

employee may use the employees’ dedicated Raising Concern

with a question or issue involving ethics or compliance should

The Code of Business Ethics provides that an employee faced

Cybersecurity and data protection

3.1.5

personal data protection.

competitiveness whilst anticipating new regulations such as

November 2014 and is aimed at reinforcing Group

(Cybersecurity & Information Protection) Program was launched in

clients requirements and issues of data protection. The CySIP

transform its IT security approach to better take into account its

In July 2014, Capgemini Group Management Board decided to

practices), a data privacy strategy and a personal data protection

governance) and a CySIP Baseline (minimum and mandatory

published 2015 a CySIP Strategy in March (stakes, objectives and

Sponsored by the Group General Secretary, the CySIP Program

entities before the end of 2017.

policy. These rules must be implemented within all Capgemini

working together under steering of the the Group CySIP Officer:

The CySIP program is composed of three communities that are

Security Officers (CISO: focused on internal IT).

and sensitive data confidentiality) and the Chief Information

Protection Officers (DPO: focused on personal data protection

requirements and security of delivery projects), the Data

the CySIP Officers in Strategic Business Units (focused on clients’

modules and other innovative multimedia tools.

prepare the annual work plan. By the end of 2016, the corporate

The three CySIP communities meet every year during two days to

launched for all employees. It includes mandatory e-learning

global roll-out plan is sponsored by the Group CEO and has been

governance is in place, policies and standards are harmonized. A

published on the external website of Capgemini and clients now

personal data within Capgemini Group globally.

have the opportunity to rely on BCRs for the transfer of their

European Data Privacy Authorities. All Capgemini Group entities

protection authority, the CNIL, on March 2, 2016, on behalf of all

controller and data processor – were approved by the French data

data protection (BCRs) - covering Group activities acting as data

being implemented within the organization. The BCR have been

have formally adhered to the BCR and the BCR are currently

2016 agenda. Capgemini Binding Corporate Rules on personal

Data protection and data privacy were a major priority on the

and India will provide new monitoring services of our

capacities). The Capgemini Security Operation Centers in Europe

Event Management (to reinforce detection and response

controls to applications and data) and Security Information and

Infrastructures and IT systems. A BYOD (Bring Your Own Device)

topics: Identity and Access Management (to reinforce access

Since 2015, the CySIP operational projects focus on 3 major

of an overall Audit and Control Plan.

implementation are performed on an annual basis. They are part

CySIP Baseline, data protection practices and operational projects

professional purpose. Finally, maturity assessments related to the

secure access and data when using personal devices for

policy and tool have been defined and implemented in 2016 to

governance and rules are reached by the end of 2017.

purpose is to ensure that the objectives of the CySIP Strategy,

The self-assessment is performed in order to verify whether

the yearly risk mitigation plan globally and for each entity. The

technical audits and penetration tests, enabling the definition of

mandatory practices are implemented, and is complemented by

I 102 103 104 105 106 107 108 109 110 111 112 113 IV