Atos SE

The CSR organization is present at all levels of the Company up to the Board of Directors which is ultimately in charge of the oversight of the impacts, risks and opportunities and of monitoring the implementation of the CSR strategy. The Board of Directors reviews the CSR initiatives and targets and presents the CSR strategy achievements to the Annual General Meeting of shareholders on a yearly basis. The CSR Committee of the Board of Directors is directly involved in defining the CSR strategy and priorities. Please refer to Chapter 4.2 for further information on the composition, role and sustainability‑related expertise and skills of the members of the Board of Directors. [...] At upper management level, the Group CSR Officer manages the entire CSR program and presents on a regular basis to the CSR Committee of the Board of Directors the latest achievements and planned objectives both at global and regional levels on the environmental and social initiatives of the Group. She highlights cooperation needs by other Atos' functions or business lines to further the CSR strategy. The Group CSR Officer oversees internal and external CSR communications and is the prime contact with non‑financial agencies and investors on CSR topics. The Group CSR function is led by the Group CSR Officer and coordinates and aligns the CSR program and strategy within the Group. It is composed of a core international team of Group CSR managers who work closely with local CSR managers, support and business functions as well as the EMS managers in the Group. Weekly and monthly reviews are organized to design, implement, and monitor main axes of actions and targets.

The CSR Committee of the Board of Directors is directly involved in defining the CSR strategy and priorities. [...] At upper management level, the Group CSR Officer manages the entire CSR program and presents on a regular basis to the CSR Committee of the Board of Directors the latest achievements and planned objectives both at global and regional levels on the environmental and social initiatives of the Group. She highlights cooperation needs by other Atos functions or business lines to further the CSR strategy. The Group CSR Officer oversees internal and external CSR communications and is the prime contact with non-financial agencies and investors on CSR topics. The Group CSR function is led by the Group CSR Officer and coordinates and aligns the CSR program and strategy within the Group. It is composed of a core international team of Group CSR managers who work closely with local CSR managers, support and business functions as well as the EMS managers in the Group. Weekly and monthly reviews are organized to design, implement, and monitor main axes of actions and targets."
"Atos, as a global service provider with many customers dependent upon the provisioning, delivery, and operation of Atos business solutions, has adopted a comprehensive set of policies to manage risks of security breaches and incidents. Conse�uently, Atos recogni�es that the occurrence of disruptive events has the capability to materially impact, including, but not limited to safety of Atos employees, contractors, clients' employees, Atos assets and business operations, Atos client assets and business operations and Atos reputation. The most important documents covering material negative impacts (business interruptions caused by security breaches, data privacy violations caused by security breaches) and the material risk of financial impacts, reputational damage due to security breaches are� � **Atos Information Security Policy � outlines comprehensive** principles and guidelines to ensure the protection of information assets within the Atos Group; � **Atos Security Risk Management Policy �** Atos follows an Enterprise Risk Management Framework that aims to manage uncertainties that may impact business objectives. Security Risk Management is a crucial part of this framework and adheres to specific processes and principles; � **The Cyber Emergency Policy �** establishes a consistent and effective method for addressing any declared cyber emergency event. This policy ensures that Atos leadership, management and staff follow a structured approach to mitigate risks and minimize harm to Atos Group; � **Atos Secure Development Policy �** outlines a structured framework for integrating security best practices throughout the software development lifecycle. This policy aims to ensure that applications and systems developed by Atos are secure, resilient, and compliant with relevant security standards and regulations; � **Atos Crisis Management Policy � provides a structured and** efficient framework for managing and mitigating crises that could significantly impact Atos operations, reputation, and stakeholders. This policy aims to ensure a swift, coordinated, and effective response to crises, thereby minimizing their adverse effects and ensuring business continuity; � **Atos Information Backup Policy �** guarantees that information and software can be recovered after failures or cyber‑attacks, ensuring clients' data integrity and availability; � **Atos Vulnerability Management Policy �** ensures the identification, assessment, and remediation of security vulnerabilities within Atos information system within Atos environment. This policy aims to minimize the risk associated with vulnerabilities and enhance the overall security posture of the organization. The general ob�jective of these policies is to ensure high standards of security and reliability in providing services to Atos clients and end‑users. Apart from the key policies mentioned above, Atos �roup Security maintains global security and safety policies, standards and guidelines that could be used as basis for managing the material impacts related to consumers and end‑users that were identified in the last materiality analysis and included in the table above. The policies are regularly reviewed and updated regularly according to the Atos cybersecurity and architecture strategy evolution, but also in response to an ever‑changing risk landscape. These out‑of‑cycle reviews can be triggered by audit findings, internal or e�ternal changes, and lessons learned from security incidents or crisis. Regardless of review type, all policies are monitored through regular audits as part of the �S� 27001 certification process and are stored within the �roup Security library on Share�oint available to all Atos �roup employees.

Describe the process(es) your organization has in place to ensure that your engagement activities are consistent with your overall climate change strategy[…]Atos' public commitment to the Paris Agreement, as well as its overall climate change strategy, are enshrined in Atos' core 'Sense of Purpose', or 'Raison d'être' which informs all Atos activities, including Atos' efforts to engage in activities that could either directly or indirectly influence policy, law, or regulation that may impact the climate, also when this is done indirectly via Trade Associations.

Atos' climate change strategy, as expressed through our commitment to the Science Based Targets and to the goal of the Paris Agreement to limit global warming to 1.5 degrees C, is also embedded in the Environment section of the Atos Code of Ethics, to which Atos employees are required to adhere. Each year, all Atos employees are required to successfully complete a mandatory training on the Code of Ethics, which helps ensure that their understanding of our overall climate change strategy is up-to-date, and furthermore helps ensure that their engagement activities are consistent with this strategy.