BUSINESS RESPONSIBILITY & SUSTAINABILITY REPORT
S.
No.
Material
issue
identified
Indicate
whether
risk or
opportunity
(R/O)
Rationale for identifying the risk
/ opportunity
In case of risk, approach to adapt or
mitigate
Financial
implications of the
risk or opportunity
(Indicate positive
or negative
implications)
10 Cybersecurity R Embedding security into every
layer of the organization—
from technology to people
and processes, as well as
extending these requirements
throughout our value chain—
requires expertise, commitment,
collaboration, and ongoing
vigilance.
The Company runs a cybersecurity
risk-based approach and related
management program based on ISO
27005, which provides guidance on
systematically identifying, addressing,
evaluating, and treating relevant risks.
Treated as a continuous process
involving all IT initiatives, services,
and suppliers’ engagement, our risk
management function is subject
to security, legal, and regulatory
requirements. The Company follows
industry best practices such as ITIL 4
and National Institute of Standards and
Technology (NIST) recommendations
to manage detected cybersecurity
incidents effectively. Incidents are
recorded, analyzed, confirmed,
classified, and prioritized so that
appropriate remediation and response
actions are implemented while, at the
same time, the impacted data, service,
or application is restored/recovered.
Negative
SECTION B: MANAGEMENT AND PROCESS DISCLOSURES
This section is aimed at helping businesses demonstrate the structures, policies and processes put in place towards
adopting the NGRBC Principles and Core Elements.
P1 Businesses should conduct and govern themselves with integrity and in a manner that is ethical, transparent and
accountable
P2 Businesses should provide goods and services in a manner that is sustainable and safe
P3 Businesses should respect and promote the well-being of all employees, including those in their value chains
P4 Businesses should respect the interests of and be responsive to all its stakeholders
P5 Businesses should respect and promote human rights
P6 Businesses should respect and make efforts to protect and restore the environment
P7 Businesses when engaging in influencing public and regulatory policy, should do so in a manner that is responsible and
transparent
P8 Businesses should promote inclusive growth and equitable development
P9 Businesses should engage with and provide value to their consumers in a responsible manner
Disclosure Questions P1 P2 P3 P4 P5 P6 P7 P8 P9
Policy and management processes
1. a. Whether your entity’s policy/policies cover each
principle and its core elements of the NGRBCs.
(Yes/No)
Yes
b. Has the policy been approved by the Board? (Yes/No) Yes
c. Web Link of the Policies, if available Please refer to the section on ‘Links to the Company Policies
and Programs’ at the end of this Report.
2. Whether the entity has translated the policy into
procedures. (Yes / No)
Yes
3. Do the enlisted policies extend to your value chain
partners? (Yes/No)
Yes
76 Hitachi Energy India Limited