WNS (HOLDINGS) LTD 10-K Cybersecurity GRC - 2025-05-13

Page last updated on May 26, 2025

WNS (HOLDINGS) LTD reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-05-13 11:50:22 EDT.

Filings

10-K filed on 2025-05-13

WNS (HOLDINGS) LTD filed a 10-K at 2025-05-13 11:50:22 EDT
Accession Number: 0001193125-25-118506

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Cybersecurity Risk Management & Strategy WNS has integrated cybersecurity as a pivotal component of its service delivery strategy, aligning with leading security standards. The WNS cybersecurity framework is structured along “security by design” principles, encompassing risk identification and assessment, implementation of preventive and detective controls, 24x7 monitoring, proactive threat hunting, focused employee awareness training, and robust cyber-attack preparedness and response strategies. WNS maintains strong governance mechanisms for all business operations, thereby ensuring that cybersecurity risks are appropriately managed, accepted, or transferred through oversight of various levels of management. These mechanisms are further strengthened through the presence of stringent policies, procedures, standards, and guidelines, ensuring consistency and comprehensiveness of cybersecurity controls across WNS’ business. In response to evolving threats, WNS has instituted well-defined incident response policies and procedures, accompanied by incident notification protocols and playbooks for various scenarios. Furthermore, the organization conducts regular red-teaming exercises and cybersecurity drills to evaluate effectiveness of its defense, response and recovery mechanisms as well as to enhance stakeholder awareness. WNS ensures that any third parties that have access to WNS’ systems or data, comply with our security requirements, including through specific clauses incorporated into our agreements with them. A cybersecurity due diligence process has been established for the effective assessment and management of cybersecurity risks associated with the use of third parties. Third party service providers are required to establish and maintain reasonable safeguards against the destruction, loss, alteration of, or unauthorized access to WNS or its client data managed by them. WNS has demonstrated its commitment to transparency and accountability through annual attestations, including SSAE 18/ISAE 3402 SOC 1 Type II and SOC 2 Type II assessments conducted by a reputable audit firm. In addition, WNS is certified for ISO 27001: 2022 information security management standard as well as for PCI DSS for its operations related to card holder data processing. Certification audits for ISO 27001: 2022 and PCI-DSS are conducted annually by reputed certification bodies. In fiscal 2025, WNS did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. Governance At WNS, governance for the cybersecurity program is led by the Chief Risk Officer who heads the Risk Management function. This function operates independently of other operations and support units and includes other key positions vital for our cybersecurity program, such as the Chief Information Security Officer and Data Protection Officer. The Chief Information Security Officer has over 25 years of experience of working and leading teams in the field of cyber security. The Chief Risk Officer reports into the Company’s Risk Committee, which comprises its Group CEO (Chairman), Group CFO, and Group CPO. The Risk Committee meets at least once every quarter to discuss cybersecurity strategies, status of existing programs, and key risks and events. WNS’ executive leadership across the organization ensures that cybersecurity policies are appropriately established, aligned with organizational objectives, and effectively communicated throughout the organization. WNS’ Board also reviews and discusses the state of the company’s cybersecurity program with the company’s Risk Management team on an annual basis through a standing discussion item in the Board Meeting. In addition to the above, key aspects of the company’s cybersecurity program, including new initiatives, progress of key activities, and critical events, are discussed with the company’s Audit Committee on a quarterly basis. Under the leadership of the CISO, WNS’ security organization consists of a team with specialized subgroups such as Cybersecurity Governance & Strategy, Solution and Architecture Design, Risk Assessment & Audit, Application Security, and Security Operations Center This governance structure ensures that WNS maintains a comprehensive approach to risk management, with clear accountability, regular strategic direction and discussions, and a dedicated team focused on addressing cybersecurity challenges effectively.

Company Information