Sustainability Report 2024
Employee Awareness
The cyber threat landscape is indeed evolving rapidly, with
emerging trends and techniques being used by attackers to
disrupt operations. In this milieu, Crisil is constantly working
towards making all Crisilites cyber smart.
All Crisil employees are assigned information security,
phishing and cybersecurity training, in which employees
affirm commitment to Crisil Information Security Policy.
These efforts ensure employees are well-prepared to protect
themselves and the organisation from evolving cyber risks,
fostering a culture of vigilance and security.
4,890+
hours of information security training
Business Continuity
Crisil’s business processes are automated through bespoke
applications that capture and maintain information about
business processes.
Crisil has a Business Continuity Policy (BCP) that ensures
continuation of business during emergencies. It outlines
critical processes, downtime tolerance, and planned
recovery methodologies, and ensures requisite alternative
strategies are defined for critical processes. At the same
time, it ensures safety of teams during emergencies. Crisis
communications is embedded in the BCP. The technology
department remains abreast of the changes and suitably
undertakes projects for technology upgrades to keep the
infrastructure current and state-of-the-art.
30
Grievance Redressal
Crisil has a mechanism for monitoring and addressing
complaints related to its code of ethics including ethical
conduct, transparency, human rights, equal opportunity and
conflict of interest.
It has robust mechanisms in place to raise concerns, seek
advice and report violations, if any, with either the reporting
manager, the Human Resources department representative,
or the Legal or Compliance departments.
Employees are also provided several avenues to raise
concerns such as the ethics hotline and the whistleblower
email ID in accordance with Crisil’s Whistleblower Policy.
Crisil promptly reviews the concerns or violations reported in
good faith and takes appropriate action to resolve the issue.
Crisil strictly prohibits intimidation or retaliation against
anyone who makes a good faith report about a known or
suspected violation of code, policy or procedure, or any law or
regulation, or who assists with any enquiry or investigation.
At the highest level, the Stakeholders’ Relationship
Committee of the Board regularly dedicates exclusive time
to review policy violations and stakeholder complaints.
Read Crisil’s Whistleblower Policy




In 2024, an operational risk intelligence platform was
onboarded for real-time alerts on incidents occurring
across India. This helps in advising the business/
locations on the potential risks and impacts to the
location, business continuity and employee safety.
A Business Continuity automation tool was introduced
to ensure automation in the Business Continuity
domain.
Emergency Evacuation Fire Drills have been conducted
across Pan India Crisil offices as per scheduled
calendar.
Our employees have undergone BCP and safety
trainings.