At Virtusa, our commitment to integrity and ethical conduct stands as the cornerstone of our organization’s values. We believe that every employee plays an essential role in upholding these principles and maintaining a workplace of trust and transparency.
Our policies provide a standard of behavior and guidance to ensure that our team members, agents, and business partners do not knowingly or unknowingly compromise our core values embodied in our code of business conduct and ethics, the company’s policies, reputation, or brand name. Most importantly, we enforce this code and its policies to ensure that team members treat everyone with respect, fairness, and professionalism.
Virtusa’s environmental, social, and governance (ESG) committee is responsible for developing and executing our sustainability strategy.
The ESG committee has the mandate to assist Virtusa’s leadership in:
We understand that evaluating and minimizing risks in our supply chain is important to ensuring a sustainable supply chain.
We have engaged with our suppliers and implemented policies and processes to ensure a more sustainable supply chain. Our policy is to rely on local suppliers at all locations of operations unless suppliers are not able to meet our expected service levels.
For details of spending on local suppliers, read our ESG Databook.
We engage with suppliers through the Supplier Sustainability Survey and Supplier Meet-up.
Overall, we collaborate with our suppliers and contractors to continuously improve our procurement process, identify hazards, and assess and control occupational health and safety risks.
Our procurement process includes relevant evaluations of user safety, climate change impact, and other relevant aspects for products. Risk assessment is built into multiple touchpoints in the vendor management relationship, starting from the vendor assessment stage. The requirements to adhere to laws and regulations on ethics and labor are built into the contracts. Accountability for executing our procurement strategy begins with our local and regional procurement teams and ultimately resides with our chief financial officer.
Our core values – PIRL (passion, innovation, respect, and leadership), coupled with our ethics and compliance program – form the cornerstone of our business philosophy and provide the ethical standards by which we interact with our clients, our contractors, and with each other.
Our ethics and compliance program is enforced through our Code of Business Conduct and Ethics, anti-bribery and corruption policies, and whistleblower reporting procedures, which apply to all employees, contractors, personnel, and agents across the globe.
It reflects our commitment to uphold the highest standards of ethical conduct and our dedication to honesty and integrity which have always been at the core of Virtusa’s belief system.
As part of the digital engineering services we provide our clients, we are responsible for ensuring that our clients’ data is protected and securely handled throughout the entire course of business. We have implemented defense in depth to reduce risks from external threats to our business operations and data. Virtusa has a well-defined and established information security management system (ISMS) and is certified against the ISO 27001:2013 standard. Our information security management systems are built using industry best practices and standards – ISO 27001, HITRUST, National Institute of Standards and Technology (NIST) Cybersecurity Framework, MITRE ATT&CK, CIS Benchmarks, and client requirements.
Our information security program has board oversight, with responsibility cascading to our Chief Information Security Officer and Business Information Security Officer. Our Information Security Management Policy outlines the governance structures, monitoring, and compliance requirements for protecting our data and systems. Our information security management program undergoes an annual audit against ISO 27001:2013 and assessments against HITRUST, SOC 1 and SOC 2, and PCI DSS. The ISO 27001:2013 certification covers 21 technology centers in India, Sri Lanka, the U.K., the U.S., Singapore, Hungary, and Sweden.
We recognize the importance of privacy to our clients, employees and prospective employees, contractors, and visitors to our offices and website. Accountability for privacy compliance sits at the highest level, and our data privacy organization is responsible for maintaining the global privacy program. The Virtusa data privacy management framework aims to demonstrate privacy compliance and safeguards for personal data entrusted to us.
Key elements of our approach to privacy compliance include:
Virtusa’s Business Continuity Program (BCP) is considered the industry gold standard. We hold ourselves to a higher standard when it comes to executing effective business continuity.
Our robust business continuity management framework is aligned and certified for ISO 22301:2019 Security and Resilience – Business Continuity Management Systems (BCMS). The BCMS team carries out annual BCM Risk Assessments at the company, contract, asset, services, and geographic location levels.
Virtusa BCP protocols include: