Plastic Omnium - 2020 Universal Registration Document

STATEMENT OF NON-FINANCIAL PERFORMANCE The ACT FOR ALL TM program PLASTIC OMNIUM UNIVERSAL REGISTRATION DOCUMENT 2020 155 Local networks of correspondents are responsible for operationally applying the policies and procedures defined at Group level. With regard to suppliers, in addition to signing the Suppliers’ Charter, measures have also been put in place to include them in the database and assess them by EcoVadis: the conditional requirement that certain contractors be certified ● according to the ISO 14001, ISO 45001 standards; a major discrepancy identified during an audit that may lead the Group ● to take all necessary measures to guarantee its integrity and sustainability; training; ● the inclusion of contractual clauses on social and environmental issues ● in the General Supply Terms and Conditions in its supplier, subcontractor and service provider contracts. Two issues in particular are monitored by the Group: conflict minerals: very few minerals are likely to come from war zones: ● gold, tungsten, tin and tantalum and their by-products. They are identified and follow a specific purchasing policy to ensure that their supply is ethical and does not come from sources that support human trafficking, slavery, forced labor, child labor, war crimes, etc.; chemical products: products covered by the European REACH ● regulation must be registered. Plastic Omnium is working with an external service provider to ensure that products meet regulations and that the safety data sheets (which provide information on risks and stipulate usage precautions) are up to date. Because the lists of products covered by REACH change regularly, this work involves anticipating regulations. Whistleblowing procedure 4.6.1.2.4 In 2018, the whistleblowing system was strengthened and opened up to external third parties by presenting the whistleblowing system on Plastic Omnium’s website. An operating procedure exists in the 26 main languages within the Group and is available on the Intranet. The procedures for system entry were presented to the competent Employee Representative Bodies at the time of their adoption. Whether they are internal or related to the Group’s businesses within its value chain, alerts may cover: risks against human rights and fundamental freedoms; ● ethics risks; ● health/safety/environment risks. ● If direct management cannot intervene, employees are invited to use the two channels available to them: an email address: corporatesecretary.ethicsalert@plasticomnium.com; ● a mailing address: Compagnie Plastic Omnium, Alerte Éthique, 1, allée ● Pierre-Burelle, 92300 Levallois-Perret. The information is processed anonymously and is exclusively addressed to the Group’s Corporate Secretary. The Group has processed alerts received in 2020. System to monitor the measures implemented 4.6.1.2.5 and assess their effectiveness The data presented throughout this Statement of Non-Financial Performance are monitored monthly, quarterly or annually in dedicated reporting tools to measure changes, improvements and any discrepancies to be corrected: work organization, overtime, compensation, incidents of discrimination, equal opportunity, health and safety as well as greenhouse gas emissions and energy consumption, consumption of raw materials, waste and environmental incidents. The issues covered in the ACT FOR ALL TM program are subject to specific monitoring within dedicated Committees. In addition, targets have been set for the program’s top 10 markers by 2025 with intermediate annual targets (See the ACT FOR ALL TM table , Markers, indicators) . Assessments performed by third parties show the Group’s constant non-financial performance improvement (See section 4.1.2 Sustainable Development at the heart of the company). In 2020, the number of suppliers assessed significantly increased: 1,258 suppliers, compared with 450 in 2019. For 2021, the target is set at 2,500: 1,000 suppliers for Clean Energy Systems, 1,000 suppliers for Intelligent Exterior Systems and 500 suppliers for HBPO. DATA PROTECTION 4.6.1.3 Cyber risks can result from external, internal or unintentional malicious acts, lead to data loss and expose the Group to financial damages and penalties. The digital transformation and digitalization of the business lines and businesses results in an increase in the digitization of the processes and volume of data managed by the Company. This transformation towards Industry 4.0 must be supported by appropriate information systems and data security in order to protect Plastic Omnium from all computer attacks while also supporting this inevitable digital transformation. Within the Information Systems Department, the Cyber Defense Department steers the governance of data protection and network security issues. A monthly Cyber Security Committee supervises the cyber risk reduction plan. Cyber security skills are incorporated in all steps of project development. In particular, a cyber risk analysis is carried out from the design phase (Security by design). When a new risk is identified, the cyber risk mapping is updated. External monitoring is also an essential source for this update with the regular appearance of new forms of cyber-attacks, such as the growing threat of ransomware (malware taking data hostage). Plastic Omnium has a Security Operating Center, operational since 2019, enabling real-time detection and processing of risk behaviors and attacks that could compromise its information systems and data. This system was strengthened in 2020 through the deployment of new tools. Faced with an intensification of attacks, the Group strengthened its cyber resilience. Investments were made in 2020 to develop a cyber crisis management system: definition of procedures, identification of key roles and development of processes. This system will speed up the processing of major incidents and thus reduce systems downtime.