HERMES_REGISTRATION_DOCUMENT_2017

OVERVIEW OF THE GROUP

RISK FACTORS

As regards IT risk prevention, work carried out in 2017 focusedmainly on enhancing the security of central systems, the management of worksta- tions at Group level, the centralisation of access rights to facilitate their management, ensuring the security of internal and external access, pro- tecting workstations, preventing leaks of confidential data and improving backup and breakdown tolerance mechanisms for critical systems to ensure continued operation in the event of an incident. As is the case each year, internal, Wifi and external network intrusion testing and computer crash simulations were carried out. The Group also ensures that it complies with various standards and regulations, for example, in the area of payment card data management (PCI-DSS) or personal data protection (GDPR). Description of the risk Hermès Group is committed to respecting the regulations in the coun- tries where it operates. The quality of products sold and their compliance with high safety standards is one of the Group’s priorities. Risk management Hermès’ products are regularly testedby laboratories inEurope, Asiaand theUnited States, in order to verify that they conform to themost exacting regulations in the world, as well as to ensure their safety. Monitoring is carried out to analyse the development of regulations before drawing up product specifications. 1.8.1.6 Protecting the health and safety of consumers Description of the risk The expertise of our craftsmen, and more widely that of our staff form the foundation of our sustainable development. Our uniqueness comes from preserving, enriching and passing on these often exclusive skills in a period of growth for our métiers and our workforce. Risk management The house is continuing to perfect craftsmen’s skills and expertise through a range of training and professional qualification programmes. These programmes are delivered within the dedicated in-house Hermès schools, (including the Leather Goods, Tanners or Textiles schools among others), and as part of numerous collaborations with external training organisations (as described in paragraph 2.2.1 Training). 1.8.1.7 Recruiting and training employees and craftsmen in the standards of excellence required by the Group

Minimising risks to property assets

1.8.1.4

1

Description of the risk The presence of Hermès Group in the best locations for its distribution activities and the construction of quality buildings, living environments and work tools for its craftsmen and employees are a major challenge for the Group. Risk management The management of the Group’s real estate operations is centralised within the construction development department whichmonitors quality, cost and deadlines. This contributes to the judicious control of critical issues: s identifying and assessing the viability of locations for distribution and production facilities and administrative offices based on qualitative and technical criteria; s securing our key locations through a detailed analysis of our rental commitments and associated risks; s directly or indirectly overseeing key construction projects to ensure the work is properly carried out; s supervising inspection plans for the Group’s main sites, to ensure they conform to construction, safety and fire safety regulations. These inspections are supplemented by prevention system reviews carried out by the Group’s insurers. In addition, the Property Safety Committee is responsible for overseeing potential risks and for ascer- taining that Group safety rules are duly applied. It also systematically follows up on all action plans. Description of the risk Information systems are of prime importance for the proper performance of the Group’s daily operations, whether in relationships with clients, suppliers or employees but also with regards to the processing and sto- rage of Group data. Risk management Hermès’ expenditure on IT systems (equipment and maintenance) is comparable with that of its peers in the sector. The aim is to bring the technology infrastructure and systems in line with the increasing needs of users and the Group’s sectors, to guarantee good operational perfor- mance, to keep IT-related risks under control and to prepare systems for the future, especially for new digital services. The Group’s IT systems department works under an information tech- nology governance charter and has drawn up a corpus of procedures that apply to all Group companies. IT security and Group procedure com- pliance audits were carried out by outside firms at the Group information systems department (DSI) and within major subsidiaries. Work to further enhance the security of IT systems also entailed conti- nuing to harmonise the different systems in use using a standard ERP system and a single Group accounting system. 1.8.1.5 IT risk monitoring and prevention

2017 REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

37