3 a)
b) c)
Do you have a preferential procurement policy where you give preference to purchase from suppliers comprising marginalized /vulnerable groups? (Yes/No)
From which marginalized /vulnerable groups do you procure?
What percentage of total procurement (by value) does it constitute?
 CRISIL’s policy of equal opportunity towards our stakeholders ensures that we engage with suppliers on merit and business needs. However, CRISIL is equally conscious of the need for inclusive procurement, to deliver broader societal benefits by generating economic opportunity for disadvantaged communities. CRISIL’s Supplier Diversity framework welcomes the marginalized section of suppliers classified as MSME (micro, small and medium enterprises) and businesses owned by women, veterans, differently abled and LGBTQ+ enterprises into our supply chain. The framework also provides guidance on reviewing our spend through diverse supplier base and for defining goals for sourcing from diverse group of suppliers.
During 2023, our sourcing from marginalised suppliers was as follows:
• 18.43% procurement through MSME suppliers*
• 0.61% procurement through suppliers that are women owned enterprises * Note: *In value terms
4. Details of the benefits derived and shared from the intellectual properties owned or acquired by your entity (in the current financial year), based on traditional knowledge
CRISIL services do not use intellectual properties from communities based on traditional knowledge.
5. Details of corrective actions taken or underway, based on any adverse order in intellectual property related disputes wherein usage of traditional knowledge is involved
CRISIL services do not use intellectual properties from communities based on traditional knowledge.
6. Details of beneficiaries of CSR Projects
Please refer to table no. 24(c) on pg. no 72 of the ESG Databook.
PRINCIPLE 9: Businesses should engage with and provide value to their consumers in a responsible manner
Essential Indicators
1. Describe the mechanisms in place to receive and respond to consumer complaints and feedback.
Each business receives and addresses customer complaints regularly. Complaint redressal is tracked rigorously at various levels of the management. The Stakeholders’ Relationship Committee of the Board regularly dedicates exclusive time to review stakeholder complaints, including customer complaints. Additionally refer to Q4 of Leadership indicators of this Principle for information on customer surveys undertaken.
2. Turnover of products and/ services as a percentage of turnover from all products/service that carry information about social and environmental parameters, safe and responsible usage, recycling and safe disposal.
Not applicable considering the nature of CRISIL’s business.
3. Number of consumer complaints in respect of data privacy, advertising, cyber-security, unfair trade practices, etc.
Refer to table no. 21(b) on pg. no 69 of ESG Databook
4. Details of instances of product recalls on account of safety issues
Not applicable considering the nature of CRISIL’s business.
5. Does the entity have a framework/ policy on cyber security and risks related to data privacy? (Yes/No) If available, provide a web-link of the policy
Yes. CRISIL also has adopted “CRISIL Global Corporate Privacy Policy which can be accessed at https://www.crisil.com/en/home/crisil- privacy-notice.html
6. Provide details of any corrective actions taken or underway on issues relating to advertising, and delivery of essential services; cyber security and data privacy of customers; re-occurrence of instances of product recalls; penalty / action taken by regulatory authorities on safety of products / services.
There were no penalty/ action taken by the regulatory authorities in respect to the aforesaid.
However, protection of data and ensuring security during data transmission are vital to CRISIL’s business. Data protection involves implementation of measures such as use of encryption, role-based access control and data backup to safeguard the data from unauthorised access, alteration and destruction. It involves deployment of technical and administrative control measures to protect against vulnerabilities and threats such as malware or data theft.
At CRISIL, Information Security is an independent function, separate from IT. The Information Security Officer leads planning and development of information security architecture and policies. The polices are subject to regular audits (internal, ISO 270001, client audits) to assess our security posture and compliance against our obligations on an ongoing basis. Further, the information security team regularly updates the Risk Committee on information security and status of remediation plans implemented to mitigate risks (if any).
                      108 ESG Report 2023
 Business Responsibility and Sustainability Report