2024 universal registration document

3. Risk factors and management

Global IT Department

The Group’s Global IT Department sets the strategic priorities for its IT systems. In particular, it oversees ERP management software which is used by the vast majority of the Group’s commercial subsidiaries, factories and logistics services. It also supports the digital transformation of the Group by developing the use of cloud services (SaaS, IaaS, PaaS) and connected objects.

Within the Global IT Department, the Cybersecurity Department manages the Information Systems Security Policy. Consistent with international market standards (ISO 27001/27002, NIST), this policy covers the main topics of IT security, including the protection of personal data. It describes general principles to be applied for each topic. This ensures that the Group’s Information Systems teams, and by extension all employees, share clear objectives, best practices and levels of control that are appropriate for the risks (particularly the risk of cyber attacks). This policy is backed by specific action plans, which include remedial measures if any cybersecurity risks arise, an independent information systems security audit programme, and two codes of practice – the Information and Communication Technologies Code of Practice, and the Code of Good Practice for the Use of Social Media.

L'Oréal’s cybersecurity governance is underpinned by a framework based on the three lines of control model presented in section 3.1. Presentations on cybersecurity topics are regularly given to top management, and in 2024 a presentation on the Group's cybersecurity system was given to the Board of Directors (see section 2.3.2).

Operations Department

This Department comprises the Packaging Development, Purchasing, Industrial Strategy and Operational Excellence, Quality, EHS (Environment, Health, Safety), Supply Chain and Information Systems (value chain) departments. It defines the overall Operations strategy worldwide and sets the standards and methods applicable in the areas of quality, safety and the environment for rollout in all the countries where the Group operates. It oversees the overarching strategy so that the Operations teams in the operational Divisions and the Zones can implement innovation, supply, quality, hygiene and security, environmental manufacturing and supply chain policies that are relevant to the markets. It conducts a worldwide Quality-EHS audit programme, assessing the Group’s sites and suppliers of direct purchases. It establishes and trains the business communities of these departments.

In line with the Group’s Code of Ethics, buyers have had access to a practical and ethical guide, The Way We Work with our Suppliers, since 2011. This guide covers everything they need to know when working with the Group’s suppliers. In addition, buyers complete online training programmes based on the Group’s The Way We Compete and The Way We Prevent Corruption guides.

The standard for managing suppliers and tender procedures specifies the conditions for competitive tendering and for the registration of the main suppliers. The general terms of purchase form the framework for transactions with suppliers. The "Standard for supplier management (Source to contract)" facilitates and strengthens control over spending and investments.

The main tasks of the Supply Chain Department are to supply the Group’s customers and consumers via eight distribution channels operated by the Group, to manage the planning processes, from demand through to supply, and to implement and operate an agile supply chain network that is both profitable and sustainable. The processes managed by the Supply Chain include managing order processing, from order receipt to preparation, supplying and recovering credit, preparing sales and supply forecasts, deploying inventories of finished products and jobs, managing centres, subcontractors and logistics service providers, and monitoring traceability and logistics continuity plans.

The Packaging Development teams implement a materials vigilance programme that ensures consumer safety in connection with packaging materials, as well as regulatory monitoring in connection with R&I of all legal obligations related to packaging and labelling.