Governance within ESG centers on ethical leadership, transparency, and accountability across all our decision-making processes. We are committed to maintaining robust governance structures that promote responsible business practices and create long-term value for our stakeholders.
Our ESG strategy is shaped and overseen by the senior management and business leaders, who regularly report the proceedings to the Executive Board and Board of Directors. They work in close coordination with the Risk Management and CSR Committees to address emerging challenges and drive social impact initiatives.
We embed ESG into our business strategy, enhancing stakeholder value through improved trust, collaboration, innovation, member engagement, and environmental stewardship.
To promote fairness and transparency, the Company has developed and put in place policies that are aligned with our Company's Code of Conduct standards. These policies encompass:
We maintain zero tolerance for bribery and corruption through our Integrity Policy, which upholds legitimate business practices and prohibits any form of misconduct. To support this, we have implemented a secure platform, WE HEAR, that enables members to report unethical behavior, suspected fraud, or violations of our Code of Conduct and Ethics. Our Grievance Resolution Policy ensures that concerns raised through WE HEAR are addressed within two working days, with an option to escalate unresolved matters directly to the Executive Board or Executive Chairman. Additionally, forums such as Just Ask, Ask EB, and Ask Ashok offer members multiple avenues to voice concerns, reinforcing our commitment to a transparent, safe, and responsive workplace culture.
Our Health and Safety Policy reflects our commitment to a safe, healthy workplace. It focuses on preventing hazards, complying with safety norms, and promoting well-being through training, risk assessments, and proactive initiatives. Collaboration between members and management is key to building a strong safety culture and responding quickly to health risks.
Our Whistle-Blower Policy affirms our commitment to ethical conduct. It provides a secure channel for members and consultants, including those in subsidiaries to report potential violations of laws or internal policies. The policy ensures protection against retaliation, creating a safe space for open communication.
Our Integrity Policy defines our core values: Sharing, Mindful, Integrity, Learning, Excellence, and Social Responsibility (SMILES). Integrity, a key value, highlights the importance of honoring commitments. It promotes reliability, honesty, and professionalism, encouraging us to do the right.
We are dedicated to a respectful, inclusive, and harassment-free workplace. Our Disciplinary Policy supports fair and consistent handling of misconduct, focusing on behavioral improvement aligned with Company values. An Internal Committee addresses complaints under the PoSH Act, supported by year-round training and awareness programs. These efforts help foster a workplace where all Happiest Minds feel safe, valued, and respected.
We are firmly committed to upholding human rights and stand unequivocally against all forms of modern slavery. Guided by our mission Happiest People, Happiest Customers, we strive to create a workplace where individuals can thrive through a culture rooted in fairness, transparency, and joy. Our 7Cs of the Happiest People Framework—Culture, Credibility, Collaboration, Contribution, Communication, Community, and Choice—underscore our focus on well-being, work-life balance, and social responsibility.
Diversity, Equal Opportunity, and Inclusion are central to our values and operations. Through the Happiest Minds Diversity Council, we actively shape a culture of inclusion, using team feedback to inform new initiatives and continuously improve our DEI practices. This commitment extends to our partners and vendors, who are expected to uphold our Vendors’ Code of Conduct, covering key principles such as freedom of employment, safe working conditions, fair compensation, and non-discrimination.
Our Business Continuity Plan is designed to ensure uninterrupted operations during and after disruptions whether natural or man-made, while protecting our people, assets, and service delivery. It addresses a range of risks including technical failures, natural disasters, and emergencies, and is regularly communicated across business units and updated as needed. Access controls safeguard physical and digital assets, while our Information Security Policy reinforced through mandatory training ensures data confidentiality and integrity.
Focuses on restoring critical IT and business functions, maintaining security throughout recovery.
Senior management ensures enterprise-wide commitment.
Identifies threats and evaluates potential business impacts to prioritize response.
Tailored plans outlining roles, resource backup, vendor support, and service continuity.
Ongoing testing and reviews keep the plan current with organizational and environmental changes.
Our tax strategy is rooted in a strong commitment to legal compliance, due diligence, and sound governance. Given the dynamic nature of tax legislation, we take a proactive and structured approach to monitor, interpret, and respond to legislative changes, regulatory updates, and judicial rulings. Each matter is evaluated on a case-by-case basis to ensure our tax positions align with applicable laws.
We draw on relevant case laws and jurisprudence to guide our interpretations, ensuring our approach is consistent with prevailing legal precedents and judicial interpretations. This strategy underscores our broader commitment to transparency, legal integrity, and corporate responsibility adhering to both the letter and the spirit of the law.
We maintain robust processes and controls to manage cybersecurity risk in line with evolving threats and regulations. We regularly assess our security and privacy programs through internal and external audits, continuously enhancing our infrastructure.
To strengthen our commitment to privacy, we adopted ISO 27701, the Privacy Information Management System (PIMS) in December 2022. This globally recognized standard, audited annually by third-party auditors, helps us formalize and standardize privacy policies and practices. We developed data flow maps, evaluated operations, identified privacy risks, and implemented effective mitigation measures and controls.
The data privacy requirements and regulations worldwide led us to adopt ISO 27701, a Privacy Information Management System (PIMS), in December 2022, which is audited and certified annually by third-party auditors. This facilitated documenting and applying standardized privacy policies and procedures. With all these privacy controls already established, we will meet the needs of India's Digital Personal Data Protection Bill of 2023 and Digital Personal Data Protection Rules of 2025, so we are still responding to the privacy risk and regulatory need.
We have built a comprehensive Information Security and Privacy System to safeguard data and uphold stakeholder trust. Key capabilities include:
We maintain detailed records to monitor, validate, and ensure the accuracy and completeness of personal information (PI).
We conduct thorough risk assessments of PI-handling processes and implement appropriate mitigation controls to manage identified risks.
We have established mechanisms that enable individuals to exercise their rights such as data deletion, subscription management, updates, or opting out of data sale through accessible and transparent processes.
We embed privacy principles like “Privacy by Design” and “Privacy by Default” into our software development lifecycle. Our infrastructure is fortified to prevent unauthorized access or data leaks, integrating privacy with our broader security framework.
We maintain a complete inventory of vendors and conduct security and privacy risk assessments prior to onboarding and periodically thereafter, ensuring compliance with our security standards.
Internal and external audits help us monitor the effectiveness of our security and privacy protocols. Leveraging advanced technologies, a robust set of security controls, and a mature governance framework, we continually improve our systems to ensure data security and privacy across all stakeholder interactions.
We have further strengthened our capabilities through enhancements such as network segmentation, Zero Trust architecture migration, advanced cloud and application security protocols, and stringent data leakage prevention measures.
