Saint Gobain - Registration document 2016

7 RISKS AND CONTROL 2. Internal control

2.4.2 Doctrine

The Doctrine Department is responsible for preparing all financial, administrative and management procedures applicable to Group companies.

These procedures, accessible on the Group’s intranet, cover two main themes: Group Organization and Procedures, and Financial and Accounting Standards. Reports on the Doctrine Department’s activities are prepared twice a year for the Audit and Risk Committee.

[Figure: Doctrine Management. Labels: Intranet Doctrine; Information “pushed” to employee email; Hotline; Group employees]

2.4.3 Environment, Health and Safety (EHS) Reference Manual

The EHS Reference Manual describes the approach to be followed by all entities to introduce an EHS management system and contributes to meeting the objectives set by the Group in terms of environmental protection and prevention of workplace accidents and occupational illnesses. The approach is structured around the main steps of risk identification, preventive actions implementation, reduction and control of risks.

The EHS Reference Manual (2012 version) is accessible on the Group Intranet and is distributed to all sites. It is consistent with the ISO 14001:2004 and OHSAS 18001 certifications and with the Group’s World Class Manufacturing (WCM) approach (see section 4.2), and is used as the reference document for the audit of the EHS management systems (12- and 20-step audit). The Reference Manual and the audit will be reviewed in 2017 to reflect the latest developments in international standards.

In addition, the purpose of the EHS Handbook, updated in 2014, is to help all Group entities to develop and roll out an integrated EHS management system as required by the EHS Reference Manual. The EHS Handbook is intended as a tool to be available to all, and follows the continuous improvement cycle to describe and illustrate how to implement the chapters of the Reference Manual. Hence, it describes the requirements for each area and provides reference documents, examples of implementation or best practices.

Furthermore, the EHS Department works with its network to develop and update Group EHS standards, which describe the minimum applicable requirements and/or methodologies. These tools help to ensure that risks are assessed and controlled on the same basis in all Group entities, irrespective of the country and the local laws and regulations (see chapter 4, section 1.3). Implementation guides, procedures, training packs, assessment questionnaires, and cross-audits of standards implementation and computer tools have been developed to support the application of the standards at the sites.

2.4.4 General doctrine on information systems security

The Information Systems Department compiles rules and best practices concerning information systems and networks, based on four sets of compulsory minimum security rules in the following areas:

- infrastructure, with 15 minimum security rules (22 control points, 112 entities) and SGTS Security Reporting (34 control points, 17 SGTS covering 440 entities);
- industrial information technology systems, with 14 minimum security rules (20 control points, 301 entities with critical or large industrial IT systems);
- research and development systems, with 7 minimum security rules (13 control points, 14 R&D Centers);
- applications, with 17 minimum security rules (35 control points, 61 competency centers);
- hosting of our resources in partner-operated Datacenters coordinated by the Group ISD or the SGTS (55 control points, 17 Datacenters).

Technical standards are also issued as a supplement to these rules, and are updated periodically to keep pace with technological advances and control infrastructure services.

The Information Systems Department has defined and rolled out:

- a tool (RMT, Rights Management Tool) for controlling SAP user rights and managing conflicting segregations of duties. This tool will be gradually integrated into all the Group’s SAP systems;
- a technical standard to manage technical and business accounts that access applications (ATA/ABA, Application Technical Accounts/Application Business Accounts);
- a Web Application Secured Development (3.0) standard (WASD).
