Experian ESG Presentation Deck

Executive Summary Improving Financial Health Employees Social - Data Security - Governance and responsibility 33 ● Data Board and executive priority Data privacy and security is a top priority. Regular updates to the Board's Audit Committee and risk committees on information security risks and the business's response. Supply Chain Specific responsibility at the board level is overseen by the Security and Continuity Steering Committee (SCSC), a sub-committee of the Executive Risk Management Committee (ERMC). • SCSC (CEO, CFO, COO and CIO), review global information security, physical security and business continuity every month. Data security investment decisions are made centrally, to protect level of spend. Experian Public 3 lines of defence risk management model: o 1st line: day-to-day operations, applying internal controls (e.g. IT) o 2nd line: oversight, internal assurance, strategies and policies (Global Security Office) o 3rd line: independent assurance (Internal Audit) ● ● Environment Governance Policies & Data tables Global Security Office On a daily basis data security is overseen by Chief Information Officer experian Data Protection Officer Chief Information Security Officer (leads GSO) Appendix Experian is run on a regional basis. The Global Chief Information Officer has CIOs for each region who report into him, who each have their own regional teams. Global Security Office provides: Governance and Control, Engineering and Innovation, Application Security, Physical and People Security, Security Operations Centre and Information Security Risk Management Services. Within the Security Operations Centre there is a Cyber Security Investigations team who safeguard key assets such as systems and storage facilities. They manage any security developments that may threaten Experian's people, process, or technology through intervention and thorough investigation of security incidents. TM

View entire presentation