Mission-Critical Decisions, Made with Confidence.
7. In 2024, Crisil improved its operational maturity in Information Security posture through new initiatives and enhanced
tools for preventing data loss and ensuring Intellectual Property protection. These controls ensure adequate
and proportionate protection of Crisil’s confidential information assets. Crisil measures its cyber policies and
preparedness against the NIST framework. The company conducted comprehensive internal and external audits to
validate compliance and continuously improve its security posture, ensuring resilience against evolving cyber threats
via continuously strengthening its security protocols
To raise awareness, advisories are circulated and trainings on information security and phishing simulations are
conducted regularly to educate employees about emerging threats.
Crisil has been ISO 27001:2013 certified since 2015, demonstrating its long-standing commitment to information
security management. We are actively upgrading to the ISO 27001:2022 standard, ensuring continued alignment with
the latest global best practices.
Crisil has achieved SOC 2 Type 2 certification for key business units, along with three critical applications. This
certification, conducted by independent AICPA-accredited auditors, reflects our commitment to addressing client
trust and regulatory requirements while maintaining robust operational integrity.
Crisil has a robust privacy framework which includes personal data mapping, privacy impact assessment, privacy
policy, training and awareness, data subject requests programme and incident management. Privacy by design is
central to Crisil’s privacy framework.
Provide the following information relating to data breaches:
a) Number of instances of data breaches: Nil
b) Percentage of data breaches involving personally identifiable information of customers: Nil
c) Impact, if any, of the data breaches: Nil
Leadership Indicators
1. 2. 3. 4. Channels/platforms where information on products and services of the entity can be accessed (provide web link,
if available).
Details on products and services offered by Crisil is available at https://www.Crisil.com/en/home/our-product.html
Steps taken to inform and educate consumers about safe and responsible usage of products and/or services.
Not applicable considering the nature of Crisil’s business
Mechanisms in place to inform consumers of any risk of disruption/discontinuation of essential services.
Not applicable considering the nature of Crisil’s business
Does the entity display product information on the product over and above what is mandated as per local laws?
(Yes/No/Not Applicable. If yes, provide details in brief. Did your entity carry out any survey with regard to consumer
satisfaction relating to the major products/services of the entity, significant locations of operation of the entity
or the entity as a whole? (Yes/No)
Display on product information is Not Applicable to Crisil due to the nature of services offered.
Crisil undertook the net promoter score (NPS) survey across its client base. The NPS system creates a consistent and
simplified baseline customer sentiment metric among customers and provides timely insights that are easy to act
on.
Additionally, our business development and senior management teams from various businesses engage with
customers through periodic meetings, gather project-level feedback and conduct surveys to help us assess our
clients’ needs and improve our offerings and service quality. Besides, we emphasis on regular one-on-one interactions
with clients and undertake conscious outreach initiatives to clients and investors to understand their perspectives
and address their concerns.
Annual Report 2024
133
Sustainability