Page 84 - Crisil Annual Report 2023

 monitor proposed changes in taxation legislation and ensure these are considered when we formulate business plans.
Monitoring: We monitor regulatory developments closely and engage with regulators, as appropriate, contributing our expertise to help shape regulations that can be implemented effectively. We also work with industry and trade associations in making recommendations on newer and evolving regulations in a timely manner.
6. Information and Cybersecurity Risks
Cyberattack incidents globally continue to increase in number and sophistication, especially in the current hybrid working environment. In addition to the impact on business operations, a data breach could result in reputational damage, legal claims and financial liabilities. Unauthorised sharing of client confidential data or CRISIL proprietary information by staff is another important risk related to data security.
To manage and mitigate such risks, the Company has a dedicated Chief Information Security Officer (CISO) driving the information and cybersecurity agenda. The CISO and the Information Security team act as a second line of defence, strengthening the information and cybersecurity position by defining the appropriate perimeter security controls, detecting and evaluating areas of vulnerabilities, and implementing data loss prevention (DLP) tools. There is a focused exercise to build robust security processes, policies and posture for the cloud, since our technology transformation process increasingly leverages cloud infrastructure, applications and tools. The Company continues to evaluate and invest in additional mitigation plans through automated prevention and detection tools and infrastructure for enhanced monitoring.
In addition, during the year, an enhanced level of awareness was imparted to all employees to remain vigilant against pertinent themes of information security and cybersecurity. This was done by way of digital learning courses, external speaker sessions, emailers and case studies. Audits are conducted regularly to identify areas of vulnerability and initiate actions that mitigate the operational risks. ISO 27001 certification of key processes is conducted to ensure compliance with policies related to information technology and the management system.