Experian ESG Presentation Deck

Executive Summary Improving Financial Health Social - Data Security - Three Lines of Defence ● ● 38 We follow the Three Lines of Defence approach to risk management. Data Risks are owned and managed within the business and reviewed by our businesses at least quarterly. Global governance teams review risks and controls, including those relating to information security, compliance and business continuity. Global Internal Audit assesses our risks and controls independently and objectively. The results of these reviews feed into our quarterly reporting cycle, including through the risk. management governance structure. O Experian Public Employees Supply Chain First Line of Defence >Lines of business (regional and global) > Experian IT Services (EITS) > Corporate functions Environment All employees have First Line responsibilities Board Audit Committee Executive management / Risk Management Committees Second Line of Defence > Global Risk Management > Global Security Office > Compliance > Business Continuity > Physical Security > Legal Governance Governance teams have Second Line responsibilities Policies & Data tables experian Third Line of Defence > Global Internal Audit Appendix Global Internal Audit has Third Line responsibilities TM

View entire presentation