253 Life Is On | Schneider Electric www.se.com Chapter 3 – How we manage risk at Schneider Electric Strategic Report 3. Global Security provides support to local teams for any security issues (site audit, expatriates or local employee security, security on assignments, etc.). The team also: • publishes internally, a table of “Country Risks” for use in security procedures that are mandatory for people traveling, expatriates, and local employees; • provides daily co-ordination with the Group’s worldwide partner in the field of medical and security assistance (International SOS & Controls Risks – start of contract in January 2011); • organize, as needed, psychological support in some crisis context (Eutelmed – start of contract in April 2015). It brings its methodology to develop emergency plans (evacuation plans, crisis management plans, etc.) and co-ordinates the corporate crisis team (SEECC – Schneider Electric Emergency Coordination Center, created in 2009) each time that it is activated. Global Security also participates in crisis management, in managing the corporate crisis cell, and in supporting local entities (to limit the consequences of the occurrence of certain risks such as civil war, weather events, pandemics, attacks on people, terrorism, etc.). In addition, it regularly organizes Security Audits (R&D centers, head offices, sensitive plants, etc.). Global Security sits on the Group Operations Compliance Committee (previously named Fraud Committee) alongside Compliance, Internal Audit, and the Legal department. Global Security supports internal investigators as well as contributing to the Group’s methodology and procedures to conduct investigations properly and in accordance with the law. Management of cyber and product security and associated risks across Schneider Electric The Cybersecurity and Product Security Functions inside the Governance organization define the Company’s cyber and product security strategies and approaches. The departments are accountable for protecting Schneider Electric’s business operations; securing the digital assets and offers for Schneider Electric and subsidiaries; managing the Cyber Risk Register; driving cybersecurity awareness across the Company; owning the creation, maintenance, and enforcement mechanisms of cyber and product security policies; ensuring the execution of cyber and product security initiatives across Schneider Digital Functions and entities; and managing the Cybersecurity Incident Prevention, Detection, and Response process.
Universal Registration Document Page 254 Page 256