Fiscal 2022 Universal Registration Document

6 CORPORATE GOVERNANCE

TECHNOLOGY & INFORMATION SECURITY
Risks around managing the confidentiality, availability and integrity of Sodexo’s information technology assets; managing cloud systems and third-party suppliers; managing Sodexo and client data; risks from external cyber threats.
Category: Operations

Impact

On a daily basis, Sodexo IT systems process the data of 422,000 Sodexo employees and 100 million consumers, including patients in hospitals. In addition, the demand for new innovative and efficient services creates a fast-changing and highly interconnected architecture. Sodexo is also a target for cyber criminals who want to exploit its weaknesses and gain access to the data of the thousands of clients and suppliers to whom Sodexo is connected. Within this challenging environment, information security issues such as poor data integrity, loss of data confidentiality and lack of availability of key systems or collaboration services could result in high-cost and/or high-volume impacts such as:

  • inaccurate financial reporting;

  • contractual penalties;

  • regulatory fines;

  • reputational damage with shareholders, clients, consumers, suppliers and employees.

Examples of Mitigating Activities

  • Group Information and Systems Security Policy aligned to ISO 27001 framework, with detailed security directives on key topics (e.g. security by design, cloud services, incident management).

  • Investment in security infrastructure, tools and services such as multi-factor authentication, laptop encryption, security risk assessments, email monitoring and endpoint detection and response.

  • Events and incidents monitored through a Security Operations Centre.

  • Global cyber incident management and response process.

  • Global Data Center consolidation strategy focused on using trusted hosting partners to provide secure and efficient services.

  • Company-wide collaboration on security and compliance topics such as data privacy, cyber threats, new technologies and IT internal controls, facilitated by formal Governance Committees and cross-entity network groups.


TALENT MANAGEMENT AND DEVELOPMENT
Risk of not having the right people in the right place at the right time.
Category: People

Impact

Sodexo is a company of people serving people. Growing, engaging and retaining our people is central to our strategic objectives and our ability to grow.

A lack of attention to employee engagement, retention and development could lead to:

  • a decrease in service quality jeopardizing client satisfaction and retention, and therefore long-term profitable growth;

  • loss of talented employees to other companies.

Examples of Mitigating Activities

  • Training programs to grow and develop Sodexo employees.

  • Performance management and reward framework to help retain, develop and motivate people.

  • Talent reviews and succession planning to promote internal mobility.

  • Global Next Generation Leader program designed to strengthen leadership bench.

  • Empathetic and Collective Leadership Program – supporting managers to engage authentically with their people.

  • People retention tracked and monitored as a global KPI and included in bonus plans.

  • Sodexo Supports Me: Employee Assistance Program that provides counseling and support to help employees across the world meet the challenges of everyday life, both at work and outside.
