Appendix 5. GRI Standards Compliance Index

Kaspersky presents its GRI Standards Report for the period from July 1, 2022 to December 31, 2023.

Indicator Disclosure Comments Report page
General Disclosures
GRI 2–1 Organizational details Parent company name: Holding Company Kaspersky Labs Limited (registered in the UK). The main legal entity in the Russian Federation is AO Kaspersky Lab. The organization is headquartered at 39A/2 Leningradskoe Shosse, Moscow, 125212, Russian Federation. Legal information: https://www.kaspersky.ru/legal.ru
GRI 2–2 Entities included in the organization’s sustainability reporting Appendix 1
GRI 2–3 Reporting period, frequency and contact point Kaspersky’s Sustainable Development Report covers the period from July 1, 2022 to December 31, 2023. Further sustainable development reports will be published annually, around the same time as the financial statement.
GRI 2–4 Restatements of information No information was restated.
GRI 2–5 External assurance This Report has not been externally certified.
GRI 2–6 Activities, value chain and other business relationships Value chain, Products
GRI 2–7 Employees

People Empowerment

Appendix 3

GRI 2–8 Workers who are not employees All workers are Kaspersky’s employees.
GRI 2–9 Governance structure and composition

Managing sustainable development

Corporate governance

GRI 2–10 Nomination and selection of the highest governance body Corporate governance
GRI 2–11 Chair of the highest governance body Corporate governance
GRI 2–12 Role of the highest governance body in overseeing the management of impacts Managing sustainable development
GRI 2–13 Delegation of responsibility for managing impacts  

Managing sustainable development

Corporate governance

GRI 2–15 Conflicts of interests

The Company has adopted a declaration policy concerning its participation in any other companies in the capacity of founding members, shareholders or board members. Concurrent participation is not allowed without the consent of Kaspersky’s board of directors or governing board. Members of the board of directors and the governing board only hold governing positions at companies owned by or affiliated with Kaspersky Labs Ltd.

During the reporting period, there were no cases of members of the Company’s senior management bodies concurrently participating in other organizations without the consent of the board of directors or governing board.

GRI 2–16 Communication of critical concerns Managing sustainable development
GRI 2–17 Collective knowledge of the highest governance body To improve the awareness and expertise of the highest management body in matters concerning sustainable development, representatives of the board of directors and the governing board regularly take part in training events with external experts.
GRI 2–18 Evaluation of the performance of the highest governance body The annual shareholder meeting conducts a regular performance assessment of the board of directors and the governing board. This evaluation serves as the basis for restructuring to improve the operational management of the Company. No assessment criteria were introduced during the reporting period to evaluate the management bodies’ activities regarding the supervision of the Company’s impact management on the economy, environment and social sphere.
GRI 2–19 Remuneration policies At the time of this Report, the Company’s remuneration policy did not specifically take into account the effectiveness of managing the Company’s impact on the economy, social sphere and environment.
GRI 2–20 Process to determine remuneration Corporate governance
GRI 2–21 Annual total compensation ratio This information is not disclosed due to limitations imposed by the Company’s internal confidentiality policy.
GRI 2–22 Statement on sustainable development strategy ESG strategy
GRI 2–23 Policy commitments ESG strategy
GRI 2–24 Embedding policy commitments

ESG strategy

Corporate governance

GRI 2–25 Processes to remediate negative impacts Data protection, Corporate governance
GRI 2–26 Mechanisms for seeking advice and raising concerns Data protection, Corporate governance
GRI 2–27 Compliance with laws and regulations During the reporting period, no incidents of Kaspersky failing to comply with legislation or any regulatory requirements were recorded; no fines or any other liabilities for violations of the law were imposed on the Company.
GRI 2–28 Membership associations

ESG strategy

Appendix 2

GRI 2–29 Approach to stakeholder engagement Stakeholder engagement
GRI 2–30 Collective bargaining agreements Kaspersky has no practice of collective bargaining agreements due to a lack of demand for them among employees.
Material Topics
GRI 3–1 Process to determine material topics Material topics of the Report
GRI 3–2 List of material topics Material topics of the Report
Indirect Economic Impacts
GRI 203–1 Infrastructure investments and services supported

Digital security

Engagement with local communities

Anti‑corruption
GRI 205–1 Operations assessed for risks related to corruption Corporate governance
GRI 205–2 Communication and training about anti‑corruption policies and procedures Ethics and Transparency
GRI 205–3 Confirmed incidents of corruption and actions taken Ethics and Transparency
Energy
GRI 302–1 Energy consumption within the organization Reducing our carbon footprint
GRI 302–4 Reduction of energy consumption Safer Planet
Water and Effluents
GRI 303–1 Interactions with water as a shared resource The locations of the Company’s offices are not qualified as water stress regions. Water usage
GRI 303–2 Management of water discharge‑related impacts Safer Planet
GRI 303–3 Water withdrawal Safer Planet
GRI 303–4 Water discharge Safer Planet
GRI 303–5 Water consumption Safer Planet
Emissions
GRI 305–1 Direct (Scope 1) GHG emissions The methodology of data collection and calculation of the total amount of direct greenhouse gas emissions across all of the Company’s facilities (Scope 1) has yet to be developed and the data will be presented in subsequent reports.
GRI 305–2 Energy indirect (Scope 2) GHG emissions The methodology of data collection and calculation of the total amount of indirect greenhouse gas emissions (Scope 2) has yet to be developed and the data will be presented in subsequent reports.
GRI 305–5 Reduction of GHG emissions Reducing our carbon footprint
GRI 305–6 Emissions of ozone‑depleting substances (ODS) Not applicable. The Company does not produce any ODS emissions.
GRI 305–7 Nitrogen oxides (NOx), sulfur oxides (SOx) and other significant air emissions Not applicable. The Company does not produce any emissions of these pollutants into the atmosphere.
Waste
GRI 306–1 Waste generation and significant waste‑related impacts Waste management
GRI 306–2 Management of significant waste‑related impacts Safer Planet
GRI 306–3 Waste generated Safer Planet
GRI 306–5 Waste directed to disposal Safer Planet
Employment
GRI 401–1 New employee hires and employee turnover

Talent management

Appendix 3

GRI 401–2 Benefits provided to full‑time employees that are not provided to temporary or part‑time employees Social policy
GRI 401–3 Parental leave

Social policy

Appendix 3

Occupational Health and Safety
GRI 403–1 Occupational health and safety management system The occupational health and safety management system at all of Kaspersky’s offices within the scope of disclosure in this Report complies with the requirements of applicable employment legislation in the Company’s regions of presence. The system includes regular employee training and regular special workplace assessment in all divisions, as well as a risk management and accident investigation system and measures to improve working conditions. The main criterion for the system’s effectiveness is zero on‑the‑job injuries.
GRI 403–2 Hazard identification, risk assessment, and incident investigation During the reporting period, no accidents related to occupational risks were recorded at the Company. Occupational safety and health protection
GRI 403–4 Worker participation, consultation, and communication on occupational health and safety People Empowerment
GRI 403–5 Worker training on occupational health and safety People Empowerment
GRI 403–6 Promotion of worker health People Empowerment
GRI 403–8 Workers covered by an occupational health and safety management system People Empowerment
GRI 403–9 Work‑related injuries People Empowerment
GRI 403–10 Work‑related ill health During the recording period, no incidents of work‑related ill health were recorded at Kaspersky.
Training and Education
GRI 404–1 Average hours of training per year per employee Training and development
GRI 404–2 Programs for upgrading employee skills and transition assistance programs Training and development
GRI 404–3 Percentage of  employees receiving regular performance and career development reviews Talent management
Diversity and Equal Opportunity
GRI 405–1 Diversity of governance bodies and employees

Corporate culture and business ethics

Appendix 3

GRI 405–2 Ratio of basic salary and remuneration of women to men Appendix 3
Non‑discrimination
GRI 406–1 Incidents of discrimination and corrective actions taken During the reporting period, no incidents of discrimination were detected.
Child labor
GRI 408–1 Operations and suppliers at significant risk for incidents of child labor The Company does not use child labor or employ employees under 18 years of age.
Forced or Compulsory Labor
GRI 409–1 Operations and suppliers at significant risk for incidents of forced or compulsory labor The Company does not use forced or compulsory labor.
Local Communities
GRI 413–1 Operations with local community engagement, impact assessments, and development programs Engagement with local communities
Customer Privacy
GRI 418–1 Substantiated complaints concerning breaches of customer privacy and losses of customer data Data protection