Page 27 - CRISIL ESG Report 2023
Ensuring a conflict-free environment
We also treat maintaining the confidentiality of client-specific information as a matter of utmost importance. A number of technical and policy measures are implemented to ensure confidentiality of data.
Data loss prevention mechanism, which monitors emails sent to non-CRISIL domains
Cadence over information sharing within businesses
Confidentiality Policy
Technical and policy controls in place to ensure confidentiality
Employees are required to disclose all conflicts
Access control measures through institution of logical and physical firewalls
Employees are expected to follow protocols under the personal trading policies
Data privacy
Data protection and data security
Protection of data and ensuring security during data transmission are vital to CRISIL’s business. Data protection involves implementation of measures such as use of encryption, role-based access control and data backup to safeguard the data from unauthorised access, alteration and destruction. It involves deployment of technical and administrative control measures to protect against vulnerabilities and threats such as malware or data theft.
At CRISIL, information security is an independent function, separate from IT. The Information Security Officer leads planning and development of information security architecture and policies. The policies are subject to regular audits (internal, ISO 27001, client audits) to assess our security posture and compliance against our obligations on an ongoing basis. Further, the information security team regularly updates the Risk Committee on information security and status of remediation plans implemented to mitigate risks, if any.
CRISIL has a robust privacy framework that includes personal data mapping, privacy impact assessment, privacy policy, training and awareness, a data subject requests program and incident management. Privacy by design is central to CRISIL’s privacy framework. The risk-based framework enables CRISIL to comply with applicable data protection laws. The privacy program involves continuous monitoring and revalidation of the existing framework against new regulations, customer requirements and emerging technologies. CRISIL’s privacy policy articulates the principles followed with regard to collection, usage, disclosure, security and retention of personal data.
Directors and Senior Management are obligated to regularly disclose conflicts of interest arising from ownership or directorship positions held in other entities.