This clause is stipulated in documents for tender bids, to which the Charter of Ethics was attached. Since 2020, the Group has also included it in contracts signed with suppliers.
In 2021, the Group initiated a project to map CSR risks within its value chain. A preliminary workshop was organized at the end of the year to frame the approach and to calibrate the required methodology and tools for mapping and evaluating partners. It is being assisted in this regard by a specialist firm with the aim of being able to structure the Group’s future responsible purchasing policy and defining its objectives and control processes.
Integrating ethics issues at subsidiaries
In Brazil, Edenred organized a compliance week for the fourth consecutive year. The 2021 event focused on three main topics: The prevention of money laundering, the compliance program and the protection of personal data. The Argentine subsidiary conducted an assessment to detect the organization’s requirements with a view to updating its integrity plan, i.e., the Code of ethics, its policies and its local procedures. In addition, the Group’s Charter of Ethics was discussed and must be signed by all employees during induction week.
Italy – SA 8000 certification
Edenred Italy has been SA 8000 certified since 2015. This standard assesses an organization’s social accountability performance based on criteria of quality, compliance and respect for human rights, as defined in the International Labour Organization (ILO) conventions, United Nations Convention on the Rights of the Child and the Universal Declaration of Human Rights. In meeting SA 8000, Edenred guarantees social performance based on these criteria at its production facilities and throughout its supply chain.
220.127.116.11 Key progress indicators
Edenred’s progress on this commitment to create value responsibly will be measured annually based on the percentage of Group employees who have approved the Charter of Ethics.
This percentage stood at 97% in 2021, with a target of 100% by 2022. The longer-term objective is to be listed as one of the World’s Most Ethical Companies by 2030.
5.4.2 Ensuring IT security and data protection
Its very high proportion of digital solutions means that Edenred must work continuously to bolster the security of its IT systems.
In addition, as an employer and service provider, Edenred is subject to personal data protection rules governing the protection of privacy and freedoms.
18.104.22.168 Priority issue: IT security
The Information Systems Security Department advises and assists Group management in defining its IT security policy. It is responsible for ensuring that the policy is properly implemented, applied and monitored by identifying, organizing, coordinating and leading security programs, prevention programs and corrective measures in all of the Group’s host countries.
Given regulatory requirements and increased risk of cybercrime, cybersecurity has become a key issue for the Group. The current system includes a framework of guidelines that apply the Group’s information security policy, a cybersecurity unit deployed worldwide to implement security measures, a structure and actionable technical solutions in the event of a crisis and controls to assess the Group’s security posture on a regular basis (see section 4.1.3 Cybercrime and information system risks from page 76).
The Group’s cybersecurity activity is overseen by an Edenred group Information Systems Security Manager (ISSM), who draws on a network of IT security experts across all the regions and businesses in which the Group operates. Cybersecurity is also supervised at the Management Committee level by the Executive Vice-President, Digital and IT.
In 2019, Edenred initiated a three-year Cyber Program aimed at increasing the level of maturity of all Group subsidiaries. The approach is aimed at strengthening the organization, governance, tools and processes in place to ensure the proper management of cybersecurity risks. The Cyber Program covers the Group’s major security challenges, including incident detection and management, IT continuity plans, security by design, identity and access management, and cyber-risk awareness. It is re-evaluated each year during work on the three-year plan in order to adapt to new threats.
Since 2020, Edenred has finalized the implementation of its Security Operation Center (SOC) in order to improve its cybersecurity incident detection and response capabilities. The Group also initiated and completed major projects designed to harmonize its IT ecosystem and secure the most critical elements of its infrastructure. It has also initiated a major project to analyze its critical activities and the IT assets supporting them. Edenred’s objective is to further improve the reliability and resilience of its digitized products. Particular attention has been paid to raising employee awareness, with a focus on phishing campaigns, recommendations and periodic discussion workshops between corporate headquarters employees, the network of IT correspondents and the Information Security Department.