Appendix 5. GRI Standards Compliance Index
Kaspersky presents its GRI Standards Report for the period from July 1, 2022 to December 31, 2023.
| Indicator | Disclosure | Comments | Report page | |
|---|---|---|---|---|
| General Disclosures | ||||
| GRI 2–1 | Organizational details | Parent company name: Holding Company Kaspersky Labs Limited (registered in the UK). The main legal entity in the Russian Federation is AO Kaspersky Lab. The organization is headquartered at 39A/2 Leningradskoe Shosse, Moscow, 125212, Russian Federation. Legal information: https://www.kaspersky.ru/legal.ru | ||
| GRI 2–2 | Entities included in the organization’s sustainability reporting | Appendix 1 | ||
| GRI 2–3 | Reporting period, frequency and contact point | Kaspersky’s Sustainable Development Report covers the period from July 1, 2022 to December 31, 2023. Further sustainable development reports will be published annually, around the same time as the financial statement. | ||
| GRI 2–4 | Restatements of information | No information was restated. | ||
| GRI 2–5 | External assurance | This Report has not been externally certified. | ||
| GRI 2–6 | Activities, value chain and other business relationships | Value chain, Products | ||
| GRI 2–7 | Employees | |||
| GRI 2–8 | Workers who are not employees | All workers are Kaspersky’s employees. | ||
| GRI 2–9 | Governance structure and composition | |||
| GRI 2–10 | Nomination and selection of the highest governance body | Corporate governance | ||
| GRI 2–11 | Chair of the highest governance body | Corporate governance | ||
| GRI 2–12 | Role of the highest governance body in overseeing the management of impacts | Managing sustainable development | ||
| GRI 2–13 | Delegation of responsibility for managing impacts | |||
| GRI 2–15 | Conflicts of interests | The Company has adopted a declaration policy concerning its participation in any other companies in the capacity of founding members, shareholders or board members. Concurrent participation is not allowed without the consent of Kaspersky’s board of directors or governing board. Members of the board of directors and the governing board only hold governing positions at companies owned by or affiliated with Kaspersky Labs Ltd. During the reporting period, there were no cases of members of the Company’s senior management bodies concurrently participating in other organizations without the consent of the board of directors or governing board. | ||
| GRI 2–16 | Communication of critical concerns | Managing sustainable development | ||
| GRI 2–17 | Collective knowledge of the highest governance body | To improve the awareness and expertise of the highest management body in matters concerning sustainable development, representatives of the board of directors and the governing board regularly take part in training events with external experts. | ||
| GRI 2–18 | Evaluation of the performance of the highest governance body | The annual shareholder meeting conducts a regular performance assessment of the board of directors and the governing board. This evaluation serves as the basis for restructuring to improve the operational management of the Company. No assessment criteria were introduced during the reporting period to evaluate the management bodies’ activities regarding the supervision of the Company’s impact management on the economy, environment and social sphere. | ||
| GRI 2–19 | Remuneration policies | At the time of this Report, the Company’s remuneration policy did not specifically take into account the effectiveness of managing the Company’s impact on the economy, social sphere and environment. | ||
| GRI 2–20 | Process to determine remuneration | Corporate governance | ||
| GRI 2–21 | Annual total compensation ratio | This information is not disclosed due to limitations imposed by the Company’s internal confidentiality policy. | ||
| GRI 2–22 | Statement on sustainable development strategy | ESG strategy | ||
| GRI 2–23 | Policy commitments | ESG strategy | ||
| GRI 2–24 | Embedding policy commitments | |||
| GRI 2–25 | Processes to remediate negative impacts | Data protection, Corporate governance | ||
| GRI 2–26 | Mechanisms for seeking advice and raising concerns | Data protection, Corporate governance | ||
| GRI 2–27 | Compliance with laws and regulations | During the reporting period, no incidents of Kaspersky failing to comply with legislation or any regulatory requirements were recorded; no fines or any other liabilities for violations of the law were imposed on the Company. | ||
| GRI 2–28 | Membership associations | |||
| GRI 2–29 | Approach to stakeholder engagement | Stakeholder engagement | ||
| GRI 2–30 | Collective bargaining agreements | Kaspersky has no practice of collective bargaining agreements due to a lack of demand for them among employees. | ||
| Material Topics | ||||
| GRI 3–1 | Process to determine material topics | Material topics of the Report | ||
| GRI 3–2 | List of material topics | Material topics of the Report | ||
| Indirect Economic Impacts | ||||
| GRI 203–1 | Infrastructure investments and services supported | |||
| Anti‑corruption | ||||
| GRI 205–1 | Operations assessed for risks related to corruption | Corporate governance | ||
| GRI 205–2 | Communication and training about anti‑corruption policies and procedures | Ethics and Transparency | ||
| GRI 205–3 | Confirmed incidents of corruption and actions taken | Ethics and Transparency | ||
| Energy | ||||
| GRI 302–1 | Energy consumption within the organization | Reducing our carbon footprint | ||
| GRI 302–4 | Reduction of energy consumption | Safer Planet | ||
| Water and Effluents | ||||
| GRI 303–1 | Interactions with water as a shared resource | The locations of the Company’s offices are not qualified as water stress regions. | Water usage | |
| GRI 303–2 | Management of water discharge‑related impacts | Safer Planet | ||
| GRI 303–3 | Water withdrawal | Safer Planet | ||
| GRI 303–4 | Water discharge | Safer Planet | ||
| GRI 303–5 | Water consumption | Safer Planet | ||
| Emissions | ||||
| GRI 305–1 | Direct (Scope 1) GHG emissions | The methodology of data collection and calculation of the total amount of direct greenhouse gas emissions across all of the Company’s facilities (Scope 1) has yet to be developed and the data will be presented in subsequent reports. | ||
| GRI 305–2 | Energy indirect (Scope 2) GHG emissions | The methodology of data collection and calculation of the total amount of indirect greenhouse gas emissions (Scope 2) has yet to be developed and the data will be presented in subsequent reports. | ||
| GRI 305–5 | Reduction of GHG emissions | Reducing our carbon footprint | ||
| GRI 305–6 | Emissions of ozone‑depleting substances (ODS) | Not applicable. The Company does not produce any ODS emissions. | ||
| GRI 305–7 | Nitrogen oxides (NOx), sulfur oxides (SOx) and other significant air emissions | Not applicable. The Company does not produce any emissions of these pollutants into the atmosphere. | ||
| Waste | ||||
| GRI 306–1 | Waste generation and significant waste‑related impacts | Waste management | ||
| GRI 306–2 | Management of significant waste‑related impacts | Safer Planet | ||
| GRI 306–3 | Waste generated | Safer Planet | ||
| GRI 306–5 | Waste directed to disposal | Safer Planet | ||
| Employment | ||||
| GRI 401–1 | New employee hires and employee turnover | |||
| GRI 401–2 | Benefits provided to full‑time employees that are not provided to temporary or part‑time employees | Social policy | ||
| GRI 401–3 | Parental leave | |||
| Occupational Health and Safety | ||||
| GRI 403–1 | Occupational health and safety management system | The occupational health and safety management system at all of Kaspersky’s offices within the scope of disclosure in this Report complies with the requirements of applicable employment legislation in the Company’s regions of presence. The system includes regular employee training and regular special workplace assessment in all divisions, as well as a risk management and accident investigation system and measures to improve working conditions. The main criterion for the system’s effectiveness is zero on‑the‑job injuries. | ||
| GRI 403–2 | Hazard identification, risk assessment, and incident investigation | During the reporting period, no accidents related to occupational risks were recorded at the Company. | Occupational safety and health protection | |
| GRI 403–4 | Worker participation, consultation, and communication on occupational health and safety | People Empowerment | ||
| GRI 403–5 | Worker training on occupational health and safety | People Empowerment | ||
| GRI 403–6 | Promotion of worker health | People Empowerment | ||
| GRI 403–8 | Workers covered by an occupational health and safety management system | People Empowerment | ||
| GRI 403–9 | Work‑related injuries | People Empowerment | ||
| GRI 403–10 | Work‑related ill health | During the recording period, no incidents of work‑related ill health were recorded at Kaspersky. | ||
| Training and Education | ||||
| GRI 404–1 | Average hours of training per year per employee | Training and development | ||
| GRI 404–2 | Programs for upgrading employee skills and transition assistance programs | Training and development | ||
| GRI 404–3 | Percentage of employees receiving regular performance and career development reviews | Talent management | ||
| Diversity and Equal Opportunity | ||||
| GRI 405–1 | Diversity of governance bodies and employees | |||
| GRI 405–2 | Ratio of basic salary and remuneration of women to men | Appendix 3 | ||
| Non‑discrimination | ||||
| GRI 406–1 | Incidents of discrimination and corrective actions taken | During the reporting period, no incidents of discrimination were detected. | ||
| Child labor | ||||
| GRI 408–1 | Operations and suppliers at significant risk for incidents of child labor | The Company does not use child labor or employ employees under 18 years of age. | ||
| Forced or Compulsory Labor | ||||
| GRI 409–1 | Operations and suppliers at significant risk for incidents of forced or compulsory labor | The Company does not use forced or compulsory labor. | ||
| Local Communities | ||||
| GRI 413–1 | Operations with local community engagement, impact assessments, and development programs | Engagement with local communities | ||
| Customer Privacy | ||||
| GRI 418–1 | Substantiated complaints concerning breaches of customer privacy and losses of customer data | Data protection | ||