

Cybersecurity and data protection
Protecting our company, our employees, and our clients.
As a leader in the digital industry, we take seriously our responsibility to create a trusted environment across our entire ecosystem. We believe that a comprehensive and constantly improving cybersecurity and data protection model will foster an increasingly valuable, yet elusive, asset: digital trust.
We are committed to protecting all data entrusted to us and defending our business against cyberattacks. Our cybersecurity and data protection teams enforce data breach and security incident management policies and ensure effective implementation of data, infrastructure, and identity protection obligations. This includes mandatory training programs for colleagues on how to prevent and respond to data breaches and incidents.
Committed to protecting data, infrastructure and security
As part of our Environmental, Social and Governance policy, we have set ourselves the objective to:
– Be recognized as a front leader on data protection and cybersecurity
Our CERT services
Our Computer Emergency Response Team (CERT) collaborates with our Security Operations Center (SOC) teams to establish detection rules and coordinate responses in line with an established framework:

How we operate
Data protection
Our Binding Corporate Rules (BCRs) are the foundation of our data protection program, setting out our commitment to securing personal data and complying with data protection laws. First approved by the European Data Protection Authorities in March 2016, and updated in 2019 to meet the requirements of GDPR, they ensure continuous improvement in data protection processes across our entire organization.

Cybersecurity
Our board-sponsored cybersecurity strategy, in place since 2014, is focused on: managing internal and external threats; establishing trust mechanisms within our ecosystem and across our organization; and complying with legal requirements and security standards (with ISO 27001 as a baseline).
Our communities
Internal cybersecurity and data protection communities are a critical component of our operating model that work together on protecting our company, employees, and clients. The cybersecurity community includes the Group Cybersecurity Officer and team, and Chief Information Security Officers in all global business lines, business units and countries.

Computer emergency response team
The Computer Emergency Response Team (CERT) is responsible for preventing threats and intervening in security incidents impacting Capgemini. If you have any concerns or want to report an issue, please get in touch using the details below:
– PGP key: 0x2D581804
– Phone number: +33 (0)7 64 54 24 53
– Rfc2350 for CERT-C is located in the file below