![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0109.jpg)
CAPGEMINI: PEOPLE, CORPORATE SOCIAL RESPONSIBILITY (CSR) AND BUSINESS ETHICS
3.1 Our approach
3
107
Registration Document 2016 — Capgemini
Integration of former IGATE employees
specific E&C e-learning modules described above (Code of
Chief Ethics & Compliance Officer in February. Secondly, the three
communication and learning activities.
employees were incorporated into the regular Group E&C
Laws Policy) were assigned to them. Thirdly, former IGATE
Business Ethics, Group Anti-Corruption Policy, Group Competition
into this Program. Firstly, an updated Code of Business Ethics
Program has been on the integration of former IGATE employees
During 2016, the main focus for the Group Ethics & Compliance
was communicated to all of them by top management and the
considerably. While efforts are ongoing, this already represents a
completed each of the 3 E&C e-learning modules has increased
Group employees (Capgemini + former IGATE) that have
significant achievement for the whole organization.
30,000 former IGATE employees in 2016, the total percentage of
hours of training. Year over year, while integrating more than
by former IGATE employees in 2016, representing around 50,000
More than 80,000 E&C e-learning sessions have been completed
concerns
procedure for requesting advice and raising
Raising concern procedure: a dedicated
Group operates, in accordance with applicable legislation.
RCP is applied on a case-by-case basis in the countries where the
for dealing with individual grievances are not applicable, the
discussing the matter with his/her manager or if other procedures
not resolved by the manager, or if the employee is not comfortable
discuss the matter first with his/her local manager. If the issue is
directly from the CECO in Paris. In operation since late 2013, the
guidance on appropriate action from the local GC-ECO, or even
Procedure (RCP). Employees may in this way seek advice and
employee may use the employees’ dedicated Raising Concern
with a question or issue involving ethics or compliance should
The Code of Business Ethics provides that an employee faced
Cybersecurity and data protection
3.1.5
personal data protection.
competitiveness whilst anticipating new regulations such as
November 2014 and is aimed at reinforcing Group
(Cybersecurity & Information Protection) Program was launched in
clients requirements and issues of data protection. The CySIP
transform its IT security approach to better take into account its
In July 2014, Capgemini Group Management Board decided to
practices), a data privacy strategy and a personal data protection
governance) and a CySIP Baseline (minimum and mandatory
published 2015 a CySIP Strategy in March (stakes, objectives and
Sponsored by the Group General Secretary, the CySIP Program
entities before the end of 2017.
policy. These rules must be implemented within all Capgemini
working together under steering of the the Group CySIP Officer:
The CySIP program is composed of three communities that are
Security Officers (CISO: focused on internal IT).
and sensitive data confidentiality) and the Chief Information
Protection Officers (DPO: focused on personal data protection
requirements and security of delivery projects), the Data
the CySIP Officers in Strategic Business Units (focused on clients’
modules and other innovative multimedia tools.
prepare the annual work plan. By the end of 2016, the corporate
The three CySIP communities meet every year during two days to
launched for all employees. It includes mandatory e-learning
global roll-out plan is sponsored by the Group CEO and has been
governance is in place, policies and standards are harmonized. A
published on the external website of Capgemini and clients now
personal data within Capgemini Group globally.
have the opportunity to rely on BCRs for the transfer of their
European Data Privacy Authorities. All Capgemini Group entities
protection authority, the CNIL, on March 2, 2016, on behalf of all
controller and data processor – were approved by the French data
data protection (BCRs) - covering Group activities acting as data
being implemented within the organization. The BCR have been
have formally adhered to the BCR and the BCR are currently
2016 agenda. Capgemini Binding Corporate Rules on personal
Data protection and data privacy were a major priority on the
and India will provide new monitoring services of our
capacities). The Capgemini Security Operation Centers in Europe
Event Management (to reinforce detection and response
controls to applications and data) and Security Information and
Infrastructures and IT systems. A BYOD (Bring Your Own Device)
topics: Identity and Access Management (to reinforce access
Since 2015, the CySIP operational projects focus on 3 major
of an overall Audit and Control Plan.
implementation are performed on an annual basis. They are part
CySIP Baseline, data protection practices and operational projects
professional purpose. Finally, maturity assessments related to the
secure access and data when using personal devices for
policy and tool have been defined and implemented in 2016 to
governance and rules are reached by the end of 2017.
purpose is to ensure that the objectives of the CySIP Strategy,
The self-assessment is performed in order to verify whether
the yearly risk mitigation plan globally and for each entity. The
technical audits and penetration tests, enabling the definition of
mandatory practices are implemented, and is complemented by