On a daily basis, Sodexo IT systems process the data of 430,000 Sodexo employees and 80 million consumers in the Foodservices business. In addition, Pluxee's employee benefit and engagement platforms process the data of 500,000 clients and 1.7 million merchants. The demand for new, innovative and efficient services in both On-site Services and the benefits and engagement business creates a fast-changing and highly interconnected architecture. Sodexo is also a target for cyber criminals who want to exploit any weaknesses and gain access to the data of the thousands of clients, consumers, suppliers and merchants to whom Sodexo is connected. Within this challenging environment, information security issues such as poor data integrity, loss of data confidentiality and lack of availability of key systems or collaboration services could result in high-cost and/or high-volume impacts such as:
- inaccurate financial reporting;
- contractual penalties;
- regulatory fines;
- reputational damage with shareholders, clients, consumers, suppliers and employees.

- Group Information and Systems Security Policy aligned to ISO 27001 framework, with detailed security directives on key topics (e.g. security by design, cloud services, incident management).
- Investment in security infrastructure, tools and services such as multifactor authentication, laptop encryption, anti-malware, global proxy deployment, email monitoring and endpoint detection and response.
- Events and incidents monitored through a Security Operations Centre.
- Vulnerability scanning deployed.
- Global cyber incident management and response process.
- Global cloud strategy focused on using trusted partners to provide secure and efficient services.
- Security awareness training for users using phishing simulation campaigns.
- Company-wide collaboration on security and compliance topics such as data privacy, cyber threats, new technologies and IT internal controls facilitated by formal governance Committees and cross-entity network