Engineering an integrity-driven and ethical first future.

ESG governance

At Virtusa, our commitment to integrity and ethical conduct stands as the cornerstone of our organization’s values. We believe that every employee plays an essential role in upholding these principles and maintaining a workplace of trust and transparency.

Our policies provide a standard of behavior and guidance to ensure that our team members, agents, and business partners do not knowingly or unknowingly compromise the core values embodied in our code of business conduct and ethics, or the company’s policies, reputation, or brand name. Most importantly, we enforce this code and its policies to ensure that team members treat everyone with respect, fairness, and professionalism.

Virtusa’s environmental, social, and governance (ESG) committee is responsible for developing and executing our sustainability strategy.

The ESG committee has the mandate to assist Virtusa’s leadership in:

  • Embedding sustainability into the business strategy
  • Developing, implementing, and monitoring interventions and related policies for sustainability
  • Engaging with stakeholders by overseeing communications concerning sustainability
  • Monitoring and assessing development and improvement of the organization’s understanding of sustainability
  • Disclosing sustainability-related reports and information to internal and external stakeholders on a timely basis



Supply chain management guidelines

We understand that evaluating and minimizing risks in our supply chain is important to ensuring a sustainable supply chain.

We have engaged with our suppliers and implemented policies and processes to ensure a more sustainable supply chain. Our policy is to rely on local suppliers at all locations of operation unless those suppliers are unable to meet our expected service levels.

For details of spending on local suppliers, read our ESG Databook.


Supply chain engagement

We engage with suppliers through the Supplier Sustainability Survey and Supplier Meet-up.
Overall, we collaborate with our suppliers and contractors to continuously improve our procurement process, identify hazards, and assess and control occupational health and safety risks.


Procurement process and management

Our procurement process includes relevant evaluations of user safety, climate change impact, and other relevant aspects for products. Risk assessment is built into multiple touchpoints in the vendor management relationship, starting from the vendor assessment stage. The requirements to adhere to laws and regulations on ethics and labor are built into the contracts. Accountability for executing our procurement strategy begins with our local and regional procurement teams and ultimately resides with our chief financial officer.

Ethics and compliance

Our core values – PIRL (passion, innovation, respect, and leadership), coupled with our ethics and compliance program – form the cornerstone of our business philosophy and provide the ethical standards by which we interact with our clients, our contractors, and each other.

Our ethics and compliance program is enforced through our Code of Business Conduct and Ethics, anti-bribery and corruption policies, and whistleblower reporting procedures, which apply to all employees, contractors, personnel, and agents across the globe.

It reflects our commitment to uphold the highest standards of ethical conduct and our dedication to honesty and integrity which have always been at the core of Virtusa’s belief system.

Information security

As part of the digital engineering services we provide our clients, we are responsible for ensuring that our clients’ data is protected and securely handled throughout the entire course of business. We have implemented defense in depth to reduce risks from external threats to our business operations and data. Virtusa has a well-defined and established information security management system (ISMS) and is certified against the ISO 27001:2013 standard. Our information security management systems are built using industry best practices and standards – ISO 27001, HITRUST, National Institute of Standards and Technology (NIST) Cybersecurity Framework, MITRE ATT&CK, CIS Benchmarks, and client requirements.

Our information security program has board oversight, with responsibility cascading to our Chief Information Security Officer and Business Information Security Officer. Our Information Security Management Policy outlines the governance structures, monitoring, and compliance requirements for protecting our data and systems. Our information security management program undergoes an annual audit against ISO 27001:2013 and assessments against HITRUST, SOC 1 and SOC 2, and PCI DSS. The ISO 27001:2013 certification covers 21 technology centers in India, Sri Lanka, the U.K., the U.S., Singapore, Hungary, and Sweden.

Data privacy

We recognize the importance of privacy to our clients, employees and prospective employees, contractors, and visitors to our offices and website. Accountability for privacy compliance sits at the highest level, and our data privacy organization is responsible for maintaining the global privacy program. The Virtusa data privacy management framework aims to demonstrate privacy compliance and safeguards for personal data entrusted to us.




Key elements of our approach to privacy compliance include:

  • Governing our privacy practices through the Website Privacy Policy and the Enterprise Data Privacy Policy
  • Publishing and keeping updated privacy statements, internal policies, and guidance documents
  • Monitoring privacy regulatory trends and improving our privacy practices
  • Conducting privacy impact assessments and privacy compliance reviews of internal systems and software data processing activities, website portals, marketing initiatives, and vendor relationships
  • Providing contractual support to ensure that risks associated with any data transfers are covered by appropriate contractual terms, including assisting the legal team to update contract templates and improve privacy-focused contract exhibits
  • Assessing privacy compliance on a periodic basis through risk-based audits by the internal audit team
  • Developing and delivering a privacy-focused training and awareness program for all employees

Business continuity

Virtusa’s Business Continuity Program (BCP) is considered the industry gold standard. We hold ourselves to a higher standard when it comes to executing effective business continuity.

Our robust business continuity management framework is aligned with and certified to ISO 22301:2019 Security and Resilience – Business Continuity Management Systems (BCMS). The BCMS team carries out annual BCM risk assessments at the company, contract, asset, services, and geographic location levels.

Virtusa BCP protocols include:

  • Mobilization of response teams and procedures
  • Facility monitoring and security
  • Continuation of services for near-zero client impact
  • Frequent and transparent communications