Technical and Organizational Measures
Section 1. Schneider Electric has adopted an internal Global Data Privacy Policy which is applicable to all subsidiaries for the collection, processing, use, dissemination, transfer and storage of Personal Data. It imposes common rules for all subsidiaries of all countries and aims at ensuring a high level of protection of Personal Data within the Schneider Electric group. Our Trust Charter, available here, is an executive summary of our policies and a guide on how we work, including on cybersecurity, data privacy and protection.
Section 2. Schneider Electric applies a Secure Development Lifecycle and has defined technical measures to address cybersecurity consistency and interoperability in the development of products, systems, and offers. Schneider Electric has defined privacy by design guidelines and tools for developers to obtain privacy and cybersecurity controls relevant to their developments.
Section 3. Schneider Electric enforces digital security and privacy conformance for products, systems, software, platforms, applications, and digital offers through security reviews and, when applicable, a digital certification process.
Section 4. Technical and organizational measures include the following:
i. Measures of pseudonymization and encryption of Personal Data
Personal Data collected by Schneider Electric is subject to Schneider Electric policies regarding data protection and privacy, and information security. Masking data or de-identifying it is one of several technical controls used to protect Personal Data, and data generally within the organization. Personal Data is encrypted in transit and at rest.
Specifically: (a) the controls in the privacy by design guidelines and tools of Section 2 include collection and processing limitation and security measures, which cover pseudonymization and de-identification, as well as encryption at rest and in transit; (b) the technical measures of Section 2 include requirements and guidance on cryptography as well as on Public Key Infrastructure (PKI) integration; (c) the controls in the digital certification process of Section 3 include privacy controls that cover data minimization as well as IT security controls that cover data encryption in transit and at rest.
ii. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
Schneider Electric has policies, practices, and procedures in place which address the following: (a) global capabilities, people and technology supporting the main business processes of Schneider Electric, including: customer relationship management, enterprise resource planning, Active Directory, file-sharing system, messaging system, internal public key infrastructure; (b) processes related to security governance & organization, security architecture, transversal security capabilities like incident response, threat intelligence, risk management & internal audit, privacy, business