Page 198 - 1-37
P. 198
TRANSFORMING TRANSFORMING TRANSFORMING
SUSTAINABILITY REPORT FY 2023 COMMUNITIES THE PLANET THE WORKPLACE
Data Privacy and Cybersecurity
The treatment of complaints within Vedanta thorough investigations, to providing A cybersecurity breach or data privacy In the era of digital advancements,
Limited follows a systematic approach; from periodic reports to the relevant authorities incident can have severe financial and cybersecurity is imperative, given the
addressing complaints and conducting and management by the following process: reputational consequences for Vedanta. interconnected nature of our global
The costs associated with investigating society. The exponential growth of the
and remediating a breach, potential legal internet and smart devices has
Review and Investigation Cooperation and Input Reporting
liabilities, regulatory fines, and the loss of heightened the vulnerability of
• The Head of Management • The individuals named • The Head of Management customer trust and confidence can businesses to cyberattacks. It is no
Assurance reviews the in the complaint are Assurance submits a report to the significantly impact the Company's longer a question of "if" a business will
complaint and may expected to cooperate Audit Committee and any other bottom line and brand reputation. Data face such threats, but rather a matter
conduct the investigation with the investigator designated members of company privacy and cybersecurity are crucial to of "when." Safeguarding information
personally or assign it to • They have the right to management
another employee, provide their inputs • The report is submitted at least once protect sensitive information, comply systems and data has thus become a
committee, outside and present their side every six months, or whenever with regulations, mitigate cyber threats, paramount concern for Vedanta.
counsel, advisor, expert, or of the story during the deemed necessary maintain stakeholder trust, and prevent
third-party service investigation financial and reputational damage. By The Company deeply understands the
provider • The report summarizes each prioritising these areas, Vedanta can significance of cybersecurity and have
complaint made within the last 12
• The assigned investigator months and includes the following ensure the confidentiality, integrity, and identified it as a primary risk within its
may work under the availability of its data and systems, comprehensive enterprise risk
direction of the Head of • Identification of the complainant enabling sustainable business operations management framework. Vedanta
Management Assurance (unless anonymous, which will be in an increasingly digital world. acknowledges that the potential
or in conjunction with indicated) impact of cyber threats extends far
other attorneys during the • Description of the complaint's
investigation substance beyond the organisation; it can affect
individuals, the environment,
• Status of the investigation communities, and even its operational
• Conclusions reached by the performance. Through robust
investigator measures and continuous efforts, the
• Findings and recommendations Company strives to ensure the
resulting from the investigation resilience and integrity of its
information systems, minimising the
risks posed by cyber threats.
Reporting on Breaches
Vedanta’s robust information security
Corruption or Bribery Conflicts of Interest framework includes policies, standard
operating procedures (SOP),
14 4 technology standards and an effective
security assessments and audit
Discrimination or Harassment Money Laundering or Insider trading process to prevent cyberattacks. In FY
7 0 2022-23, Vedanta experienced zero
cybersecurity breaches.
Customer Privacy Data
0
Breaches in FY 2022-23
100
