Anti-corruption and Business Ethics Code training has been provided to 100% of those employees exposed to these risks since 2018. All potentially exposed newcomers are trained and all managers must be aware of the whistleblower procedure.
The recruitment procedure for sensitive positions is specific (Finance, NPDI, Procurement, HR, Payroll). The General Data Protection Regulation (GDPR), which came into force in May 2018 in Europe, is also deployed on a voluntary basis by Verescence at its sites across the Atlantic. The required data register is operational.
of employees exposed to risks trained
Disaster Recovery Plan: test validated once a year
of our partners have signed the ethics and anti-corruption clause
An "FCPA policy" (Foreign Corrupt Practices Act) covering various topics (conflicts of interest, fraud, anti-competitive practices, etc.) is in force at all our sites; all our employees share the same Code of Ethics and Conduct. In the event a violation needs to be reported, a whistleblower procedure is accessible on the Intranet, on the website www.verescence.com, and is displayed at all our sites.
Verescence's Compliance Committee, supervised by our CEO, meets every two months and/or at any time if necessary, to deal with any issues related to business ethics, including anti-corruption, conflict of interest, security of information systems, etc. Thus, it tracks the number of reported and resolved cases: in the last 24 months, no cases have been identified.
A worldwide computerized workflow "eValid Gifts & Donations" is in place to audit gifts and donations, in accordance with the Group's LoA (Limit of Authority) policy. All Verescence partners (suppliers, customers, service providers, agents, distributors, etc.) must agree to abide by the standard ethics and anti-corruption clause that we convey to them. The verification of the legal background of a third party, possible via the "World- Check” tool, guarantees that we are free of any act of corruption attributable to a potential partner.
Since 2019, a new insurance policy in case of fraud and/or cybercrime covers all our Group’s entities. The increasing digitalization of business processes (for example, the deployment of GTE electricity and gas management projects from March 2020), in line with the "zero paper" strategy and the strengthening of compliance monitoring within the Group (i.e., eValid) are generating more and more data to be secured. Consequently we have reinforced our backup strategies and internal/external intrusion tests to assess and monitor the robustness of the infrastructure against internal and external attacks. The Disaster Recovery Plan (DRP) allows us to simulate the loss of one of our Data Centers to help us prepare for such an eventuality.
Aware of the increasing risks related to cybersecurity, their impacts and consequences, Verescence has built an organization and governance with the establishment of a Group Cybersecurity Committee, chaired by our CEO under the responsibility of the Chief Information Officer (CIO) and the Head of Information Systems Security. Well beyond the technological and IT dimension, a support program for users and managers has been put in place to understand this new dimension and to make everyone a contributor in the protection of our customer and company data, and Verescence's IT assets (machines and software). In order to support and secure Verescence’s digital transformation and in particular the industrial digital transformation, Verescence works daily on the implementation of new means of protection, surveillance and response in case of attack. In order to consolidate this commitment, Verescence has initiated an ISO 27001 certification process.