Human Rights

Human Rights

Our Commitment

As a signatory to the “United Nations Global Compact”, Infosys Limited supports the protection and elevation of human rights in accordance with the United Nations Universal Declaration of Human Rights, United Nations Guiding Principles on Business and Human Rights (“UN Guiding Principles”) and the International Labor Organization’s Declaration on Fundamental Principles and Rights at Work (“ILO Declaration”). We are signatories to the UN Women’s Empowerment Principles and the “UN Standards of Conduct for Business” in tackling discrimination against Lesbian, Gay, Bi, Trans and Intersex people.

A fundamental tenet of the Infosys Code of Conduct and Ethics is ‘Respecting Each Other.’ This articulates our commitment to provide an equal opportunity workplace free of discrimination or harassment. Our Human Rights Statement provides a broad framework to ensure that all employees are treated with respect and dignity and that a common set of principles apply to our business practices to ensure that we do not condone human rights violations or abuses. Our Supplier Code of Conduct helps us manage and address this important aspect of sustainable business in our supply chains.

Scope and coverage of Human Rights due diligence process

Infosys is committed to provide a safe and positive work environment. In keeping with this philosophy, the organisation has an open- door policy. Training on Infosys values and the Code of Conduct and Ethics, in which our stance is enshrined, is an integral part of our induction program for new employees. In addition, every employee confirms their acceptance of the Code each year. Employees are also mandated to complete the Smart Awareness Quiz (SAQ) every year which contains learning and assessments on the Code and the human-rights related topics. Year- round email campaigns on human rights topics serve as a reminder to employees on the expectation of maintaining a respectful workplace for everyone.

We have adopted an integrated Enterprise Risk Management (ERM) framework that is implemented across the organization by the risk management office. Our ERM framework is developed by incorporating the best practices based on COSO and ISO 31000 and then tailored to suit our unique business requirements. Human Rights risks are a part of our ERM framework. Our enterprise risk management function enables the achievement of the company’s strategic objectives by identifying, analyzing, assessing, mitigating, monitoring and governing any risk or potential threat to these objectives. While this is the key driver, our values, culture, and commitment to stakeholders (employees, customers, investors, regulatory bodies, partners and the community around us) are the foundation of our ERM framework.

Human Rights Risk Assessment Process

Our risk assessment process covers our employees, value chain partners and new business activities. The organization commissioned a human rights assessment of its India operations in 2022. The findings of the report were used to incorporate appropriate changes to processes and practices. Human Rights assessments are conducted periodically, as guided by Management.

In fiscal 2023, we launched our Responsible Supply Chain and Supplier Diversity Policy. The Supplier Code of Conduct was also reviewed and updated. We also launched an exclusive ESG learning portal for our suppliers which includes learning modules on human rights. Our Supplier ESG assessments also cover human rights in our supply chains.

Risk Mitigation and Remediation Process

Based on the assessment results, at Infosys we have identified areas of strength as well as those that require strengthening and are working towards closing these gaps.

Material Human Rights Topics for Infosys

Material Topics

Risks

Mitigation & Remediation

Equal Opportunity

Discrimination based on race, color, religion, disability, gender, national origin, sexual orientation, gender identity, gender expression, age, genetic information, military status, or any other legally protected status.

A non-inclusive workplace for diverse employees

  • Include Diversity Equity and Inclusion (DEI) as a part of the Infosys Code of Conduct and Ethics
  • Conduct DEI sensitization and awareness for managers, employees and contractors
  • Set up robust grievance redressal mechanisms
  • Establish Employee Resource Groups to help create a safe, inclusive and respectful workplace for minority groups
  • Rollout a Responsible Supply chain policy
  • Facilitate appropriate Policy supports
  • Create Hybrid work models
  • Conduct Unconscious bias training across all levels of the organization
  • Rollout Inclusive policies and practices
  • Create a DEI policy
  • Establish strong feedback and grievance redressal systems
  • Establish Employee resource groups

Harassment Free Workplace

Sexual harassment and harassment based on pregnancy, childbirth or related medical conditions, race, religious creed, color, national origin or ancestry, physical or mental disability, medical condition, marital status, age, sexual orientation, or any other type of harassment.

Violating regulatory requirements

Withholding employee rights to expression and association

Violating regulatory requirements

Violating human rights

Exploitation of children (any person below the age of 18 years)

  • Establish a strong anti-sexual harassment initiative and governance
  • Mandate training on Anti-sexual harassment for all employees and contractors
  • Set up robust, anti-retaliatory grievance redressal mechanisms
  • Conduct sensitization training for employees and contractors
  • Ensure employee rights to expression and association within the realm of legal framework in each of our locations.
  • Review and respond to employee feedback shared via different forums with respect to Company policies and practices.
  • Include a clause against forced labor a part of the Infosys supplier Code of Conduct
  • Conduct periodic assessments to ensure compliance
  • Include clauses against child labor as a part of the Infosys supplier Code of Conduct
  • Conduct periodic assessments to ensure compliance

Health & Safety

Unsafe and unhealthy workplace

  • Communicate a HSE policy for the organization HSE Policy English (infosys.com)
  • Mandate HSEMS training as a part employee induction programs.
  • Conduct awareness on occupational health related topics
  • Conduct job-specific and generic training for contractual staff during induction and later through refresher training
  • Certify the Health, Safety and Environmental (HSE) Management System at Infosys to ISO 45001;2018 in line with the HSE Strategy ensuring adherence to all applicable legislations
  • Conduct proactive risk assessments to identify hazards for all existing / new / modified activities, process, products or services and implement measures to minimize or control impacts, and monitor them in a structured manner
  • Facilitate necessary medical assistance to all personnel working on our campuses in line with policy guidelines
  • Establish Occupational Health & Safety (OH&S) committees at each of our campuses and offices comprising of cross-functional teams
  • Share best practices on health and safety with suppliers and encourage them to implement the same in their organizations

Data Privacy

Non-compliance to data privacy laws across the globe may lead to penalties and may impact company’s brand image.

Non-adherence to contractual requirements/obligations may lead to financial penalties.

Lack of DP awareness among resulting in personal data breaches and hence causing distress to data subjects whose personal data has been breached.

  • Establish Privacy information management system (PIMS)
  • Conduct regular training and awareness campaigns to sensitize stakeholders on data privacy
  • Embed privacy by design into the organization’s culture
  • Automate data privacy controls.
  • Establish robust incident handling and data subject rights requests process
  • Strengthen compliance on cross border data transfers and data deletion
  • Ensure regular Tracking and monitoring of contractual obligations.
  • Strengthen assessments and audits
  • Prioritize certification of sites with ISO 27701 certification

Business Ethics

Bribery and corruption

Reputational risks

Reputational risk owing to poor ESG performance.

Fines and penalties owing to regulatory non-compliance

  • Integrate ABAC into the Infosys Code of Conduct
  • Integrate ABAC into the Supplier Code of Conduct
  • Strengthen awareness and education for all stakeholders
  • Articulate ESG Vision 2030 and ambitions and communicate progress on the same annually through publicly available reports