Webinar for Pharmaceutucal supply chain conference 2022 in India

1. Welcome to the 2022
PSCI India Supplier Conference
Day 3 – Ethics, Human Rights and Labor

2. PSCI @PSCInitiative
Agenda – Event day 1
Welcome & PSCI update
Lamp-lighting ceremony​ 09:30 - 09:45
Welcome from Novartis 09:45 - 10:00
Welcome from PSCI & Opening remarks 10:00 - 10:30
Safety & Process Safety Management
Safety Indicators Which Drive Safety Maturity Model 10:30 - 11:15
Networking break 11:15 - 11:30​
Business Continuity Plans (panel discussion)​ 11:30 - 12:15
Lab Safety – Risk and Prevention Opportunities 12:15 - 12:45
Lunchbreak 12:45 - 13:45
General Introduction - What is Process Safety Management 13:45 - 14:00
Hazardous Area Classification​ 14:00 - 14:45
Approach for Implementing Risk Based Process Safety Management Systems as per Centre for Chemical
Process Safety​
14:45 - 15:30
Preventative Maintenance of Safety Equipment 15:30 - 16:15

3. PSCI @PSCInitiative
Agenda – Event day 2
Welcome
Opening remarks 09:30 - 09:35
Welcome from Novartis 09:35 - 09:40
Audit
PSCI Audit Program
Practical Guidance & Panel Discussion
09:40 - 10:40
Networking break 10:40 - 11:00
Scope 3
Engaging Suppliers to Reduce Scope 3
Emissions Towards Net Zero
11:00 - 11:45
Environment
Ban on Identified Single Use Plastic – The
Whats, Whys and Hows
11:45 - 12:30
Lunchbreak 12:30 - 13:30
Environment
Climate change – Risks to Organizations 13:30 - 14:15​
Pharmaceutical in Environment / AMR​
Supplier Water Quality & Pharmaceuticals in
Environment
14:15 - 14:45
Reducing AMR Risk Through Effective Control of
Antibiotic Manufacturing Emissions
14:45 - 15:30​
PSCI Musi River Project​ 15:30 - 16:00​
Networking break 16:00 - 16:15
Case studies – Implementation of Good Practice in
Management of API Containing Waste Streams
16:15 - 17:00​
PiE/AMR analytical capability enhancement in India 17:00 - 17:30

4. PSCI @PSCInitiative
Agenda – Event day 3
Welcome
Welcome from Novartis 09:30 - 09:35
Human Rights & Labor
PSCI Human Rights & Labor Maturity Model 09:35 - 09:40
Responsible Procurement 09:40 - 10:25
Networking Session 10:25 - 10:55
Human Rights & Labor – Supplier Capability Building 10:55 - 11:40
Protecting Data With Privacy Principles 11:40 - 12:40
Lunchbreak 12:45 - 13:45
Management of Change 13:45 - 14:45
Networking break 14:45 - 15:00
Psychological Safety 15:00 - 15:45
Closing Remarks
Closing remarks 15:45 - 16:00
Networking Session 16:00 - 16:30

5. PSCI @PSCInitiative
Anti-trust statement
“While some activities among competitors are both legal and beneficial to the industry, group activities of competitors are inherently suspect under the antitrust/anti-competition
laws of the US, UK and other countries in which our companies do business. Agreements between or among competitors need not be formal to raise questions under antitrust laws,
but may include any kind of understanding, formal or informal, secretive or public, under which each of the participants can reasonably expect that another will follow a particular
course of action or conduct. Each of the participants in this meeting is responsible for seeing that topics which may give an appearance of an agreement that would violate the
antitrust laws are not discussed. It is the responsibility of each participant in the first instance to avoid raising improper subjects for discussion, such as those identified below.
It is the sole purpose of this meeting to provide a forum for expression of various points of view on topics described in the agenda and participants should adhere to that agenda.
Under no circumstances shall this meeting be used as a means for competing companies to reach any understanding, expressed or implied, which tends to restrict competition, or in
any way to impair the ability of members to exercise independent business judgment regarding matters affecting competition.
Topics of discussion that should be specifically avoided are:
i. price fixing;
ii. product discounts, rebates, pricing policies, levels of production or sales and marketing terms customer and territorial allocation;
iii. standards setting (when its purpose is to limit the availability and selection of products, limit competition, restrict entry into an industry, inhibit innovation or inhibit the
ability of competitors to compete);
iv. codes of ethics administered in a way that could inhibit or restrict competition;
v. group boycotts;
vi. validity of patents;
vii. on-going litigation;
viii. specific R&D, sales or marketing activities or plans, or confidential product, product development, production or testing strategies or other proprietary knowledge or
information.“

6. PSCI Maturity Model
Alexandra Kunde, Partner, Carnstone | PSCI Secretariat

7. PSCI @PSCInitiative
Maturity model – a short video
7

8. PSCI @PSCInitiative
PSCI supplier maturity model
The PSCI maturity models
are a roadmap helping
suppliers evaluate how
responsible their current
practices are and what
progress against the PSCI
Principles looks like.

9. PSCI @PSCInitiative
PSCI supplier maturity model
HUMAN RIGHTS & LABOR
GOVERNANCE
LABOUR RIGHTS TRAINING
NON-DISCRIMINATION
POLICY COMMITMENT
REMEDIATION / GRIEVANCE
CHANNELS
CHILD LABOUR & YOUNG WORKERS
COMMITMENT & ACCOUNTABILITY
FAIR TREATMENT
FREEDOM OF ASSOCIATION
FREELY CHOSEN EMPLOYMENT
REPORTING & TRANSPARENCY
STAKEHOLDER ENGAGEMENT
WAGES, BENEFITS & WORKING
HOURS

10. Responsible Procurement
Ashish Mohan, Vice President – Procurement & Supply chain, BSV Group

11. PSCI @PSCInitiative

12. PSCI @PSCInitiative
Does Procurement need a re-definition?
Yes No Maybe

13. PSCI @PSCInitiative
What to add ?
RPPI

14. PSCI @PSCInitiative
Definition
 Procuring goods, services, or works in a manner (ethical & sustainable) that is considerate of positive
impact , that the Organization may have on the EES (environment, the economy, and society)
 Inclusions:
 Range of considerations = or > importance profitability and the generation of value.
 Value chain enrichment : Procurement to ethical selling : Emergency procedures
 Identifying, preventing and mitigating the risks of human rights abuses in the supply chain,
including forced labour, child labour and human trafficking
 Unethical trade /manufacturing practices (conflict of interest, discrimination, human rights,
forced labor, wages, unfair treatment).
 purchasing that helps mitigate climate change, drive towards use of renewable energy and net
zero emissions

15. PSCI @PSCInitiative
Elements of Responsible Procurement
Recruitment
Environment
Legislative
Ethics
Social
Economical
RELESE
Governance
Law
enforcement
Human Rights
Political
stability

16. PSCI @PSCInitiative
Responsible Procurement Practice
Responsible
recruitment of
Procurement
resources
Identification/Selecti
on of Responsible
suppliers
Train/Educate
NO to Short-cuts
Be Responsible
payer
RELESE Responsible Recruitment
Drive Responsible Procurement evaluation criteria with appropriate weighting for the supplier selection process.

17. PSCI @PSCInitiative
Elements of Responsible Procurement
Pre COVID
COVID
Post COVID
Pollution levels
 Restrict to essential travel
 Leverage /outsource – local resources/reports (PSCI )
 Develop resources with multi-domain knowledge
RELESE
Environment
1
2
2
1

18. PSCI @PSCInitiative
Elements of Responsible Procurement
 Respect Environment
– Use efficient and effective use of energy and
materials
– Minimizing carbon emissions
– Reducing overall waste production
 Extended Producer’s Responsibility
 Limit Virgin Plastic Production
 Invest in 4R : Remove/ Reduce/ Reuse/ Recycle
 Identify , select, use local eco-friendly products
RELESE Environment

19. PSCI @PSCInitiative
Elements of Responsible Procurement
Yellow Blue
  Green
Green Dashboard
• Annual Organization progress
RELESE Environment

20. PSCI @PSCInitiative
Elements of Responsible Procurement
 Comply to law of land + law of subject globally (Nitrosoamine, GMO etc)
 Good to have transforming  must to have
– Pollution control measure : ex- China (Developing countries has taken a leap for compliance)
– Consent to establish
– Consent to operate
– Closed part of DMF
 API import registration : Local GMP
 Device registration : Oct-22 onwards
20
RELESE Legislative

21. PSCI @PSCInitiative
 Buyer and supplier codes of conduct.
 ABC, conflict of interest, Privacy
 Ethically responsible procurement of RM/API/Equipment/Services
 Supplier to ensure ethical production/procurement
– TSE/BSE compliance
– Halal certificate
– Primary packaging : (virgin materials- LDPE, HDPE, SS, Alu, etc)
– RM from reliable/approved vendor – Manufacturer produce from low quality /non- approved
sources of RM (UDCA – from Ox bile vs avian/porcine )
– Basic RM for vaccines : supply of plasma and related products
– Manpower fair pay
Elements of Responsible Procurement
RELESE Ethics

22. PSCI @PSCInitiative
Elements of Responsible Procurement
Be vigilant
 Zero tolerance for child labour, should report and take action
 Act for NO to discrimination (based on ethnicity, race, sexual orientation, religion)
 Manpower safety, food, hygiene environment
 While collar, blue collar, brown collar job –at par treatment for basic need ?
 Promote young people with training/awareness opportunities
 Support and promote CSR
22
RELESE Social

23. PSCI @PSCInitiative
Elements of Responsible Procurement
Work on TCO approach
 Import to Domestic switch of buying
 Drums to Boxes
 Plastic pallets to wooden pallets
 Alu Canisters
 RMs/Intermediate Backward integration
 Support start ups
RELESE Economical

24. PSCI @PSCInitiative
Responsible Procurement in Biotech Industry
 Challenges = Opportunity step towards Responsible Procurement
- The Lack of Experienced Teams
- The lack of digital transformation
- The lack of key performance indicators
- The Lack of internal procurement visibility
- The lack of regional suppliers

25. PSCI @PSCInitiative
Driving sustainable change
 Committed collaboration
 Transparent Engagement
 Accountability for care to
cost
Accountability
Sustainability progress should be
engraved in organization DNA
Support new
ideas & promote
young people
Accelerated
Progress
Rewards for
outcome
A culture of
performance
Engagement
Internal and external
stakeholders driven by the
desire to find & scale ideas
Commitment
Driven by organization
vision and commitment

26. PSCI @PSCInitiative
Q&A
26
You can also send your questions to
info@pscinitiative.org

27. European Business Group (EBG)
Protecting Data With Privacy Principles
Sowmya Vedarth, Partner, Deloitte
Neeru Walia, Associate Director, Deloitte
Private and Confidential Sept 2022

28. PSCI @PSCInitiative
©2022 Deloitte Touche Tohmatsu India LLP
1
Privacy – Business requirement or compliance
requirement
2 Introducing privacy
3 How can organizations be privacy ready?
4 Building a privacy ready organization with GAPP
5
Implementing key privacy requirements using GAPP
controls
6 Key takeaways
7 Questions
7 Annexure
Contents

29. Privacy –
Business requirement or compliance requirement

30. PSCI @PSCInitiative
Privacy - Business requirement or compliance requirement
Privacy laws
Outsourcing
Privacy regulations and requirements
are changing around the world
Outsourcing increases the
complexity for dealing with privacy
Different
jurisdictions have
different privacy
philosophies,
How to address often
stricter overseas
regulations
Organization
cannot outsource
its ultimate
responsibility for
privacy for its
business processes
Complexity
increases when the
entity that
performs the
outsourced service
is in a different
country

31. PSCI @PSCInitiative
Privacy - Business requirement or Compliance requirement
Denial of
consent by
individuals to
have their
personal
information
Legal liabilities and
industry or
regulatory
sanctions
Charges of
deceptive business
practices
Liability
resulting from
identity theft
and customer or
employee
distrust
Lost business and
consequential
reduction in
revenue and
market share
Disruption of
international
business
operations
2
3
4
5
7
Damage to the
organization's
reputation,
brand, or
business
relationships
1
6

32. PSCI @PSCInitiative
Here are the biggest fines and penalties assessed for data breaches or non-compliance with security
and privacy laws.
Didi
Global:
$1.19
billion
T-Mobile:
$350
million
WhatsAp
p: $255
million
T-Mobile:
$350
million
WhatsAp
p: $255
million
Amazon:
$877
million
Amazon:
$877
million
In 2021
In 2022 In 2021
Morgan
Stanley:
$120
million
In 2022
In 2022
Source : https://www.csoonline.com/article/3410278/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html
Privacy Trivia

33. Introducing Privacy

34. PSCI @PSCInitiative
Evolution of privacy
Start
General Assembly of the United Nations created
the Universal Declaration of Human Rights
to recognize human rights to freedom and
defined privacy rights
• Right to private life and associated freedom
• Right to freedom of opinion and expression
1948
1950
The Council of Europe invites individual
states to sign on to European Convention on
Human Rights (ECHR) to protect human
rights and fundamental freedoms.
1960-1980
Many countries in Europe, took the
lead in implementing legislation
aimed at controlling the use of
personal information by government
agencies
1981
Council of Europe, In convention 108
took the view of the protection of
individuals with regard to Automatic
Processing of Personal Data
2018
The Directive 95/46/EC on the
protection of individuals with
regard to the processing of
personal data and on the free
movement of such data
1995
2018-2022
The GDPR was enforced on 25
May 2018 across all 28 EU
Member States
More than 10 privacy regulations
have been enacted or in draft
stage across the world. A few
examples: CCPA, CPRA, VCDPA,
PDPB India draft, China PIPL, Sri
Lanka PDPA etc.
Source: IAPP CIPP/ E -EUROPEAN DATA PROTECTION TRAINING RESOURCES

35. PSCI @PSCInitiative
History of privacy in India
2000
Notification of IT Act,
2000
The Information
Technology Act, 2000
(also known as ITA-
2000, or the IT Act)
which is an Act of the
Indian Parliament (No
21 of 2000) was
notified on 17
October 2000.
2006
The Data Privacy
Bill was tabled in
the Parliament but
was not passed
2007
Amendment to the
IT Act
A new section 43A
was introduced
into the IT Act
2011
In April 2011, the
Central Government
issued a set of Rules
under section 43A
On April 13, 2011,
India issued final
regulations
implementing parts
of the Information
Technology
(Amendment) Act,
2008,
dealing with
protection of
personal information.
2017
On August 24, it
was announced
that privacy is a
constitutionally
protected right
which emerges
from the
guarantee of life
and personal
liberty in Article
21 of the
constitution
2018
The draft Personal
Data Protection
Bill, 2018 (“PDPB”)
was released.
2019
The Aadhaar and
other Laws
(Amendment) Bill,
2019 was passed.
2019
In December 2019,
a revised draft of
the Personal Data
Protection Bill is
introduced in the
Lok Sabha. It was
passed on to the
Joint
Parliamentary
Committee (JPC)
for examination​ ​
2021
The JPC
examination
report and the
draft PDPB 2019
tabled in the 2021
winter session of
the Parliament​
2022
Government has
announced a new
comprehensive
legal framework is
being drafted and
this is already in
advance stage.

36. PSCI @PSCInitiative
How many countries have adopted the privacy legislation or
drafting the legislation?
Source : https://unctad.org/page/data-protection-and-privacy-legislation-worldwide
137 out of 194
Privacy Trivia

37. PSCI @PSCInitiative
Why is privacy more important in today’s world?
Privacy is a fundamental right of each and every individual. It is the responsibility of the organizations to protect the user personal data and
process this information by fair, lawful and transparent means.
Not obtaining user consent
Selling and re-selling the personal data
Not reporting data breaches
1
2
3
4
5
6
7
Re-using data for multiple purposes
Automated decision making
Since the GDPR took effect in May
2018, over 900 fines issued across
the European Economic Area (EEA)
and the U.K
As a result, new stringent data privacy laws were
formulated, and existing ones were modified to
protect and secure personal information.
GDPR in EU CCPA in USA
Lack of security controls
No limit for data retention
900
PIPL in China

38. PSCI @PSCInitiative
Let us understand key privacy concepts
Privacy in essence aims to safeguard data and information that may establish an individual's identity
preferences, activities etc. It's critical to enhance and strengthen the current practices that govern almost
everything from creation, processing, storing, and finally destruction of 'personal’ data that belongs to
customers, employees and vendors.
Data subject
Personal data
Controller
Sensitive
personal data
Data subject
rights
Consent
Personal data
breach
Processor

39. PSCI @PSCInitiative
How much percentage of U.S. Population are uniquely
identified by {DOB, gender, zip}?
Source :https://news.ycombinator.com/item?id=2942967
85%
Privacy Trivia

40. How can organizations be privacy ready?

41. PSCI @PSCInitiative
Imbibe data privacy principles in the way you operate
Lawfulness Purpose limitation
Integrity
Storage limitation
Data minimization
Accuracy
Be transparent and fair - Processing activities
must be performed for a specific purpose that
the user has agreed to in line with the legal
and regulatory requirements
Collect data for specified and legitimate
purposes - Data must be used for a specific
purpose that the user has been made aware
of through explicit consent
Data safeguarding – Data must be protected
from
unlawful processing or loss. Appropriate
security safeguards like encryption,
pseudonymization etc. must be implemented
Limit the data– Only the specific data
requirement to achieve the identified
purpose must be collected, stored and
processed
6
Privacy
principles
1 2
4
6
3
5

42. PSCI @PSCInitiative
Establish privacy as a culture
Data
Inventories
and data
flow
Privacy-by-
design
Privacy
framework
development
Privacy
impact
assessments
Data
Protection
program
Assessments
against
applicable
regulations
Implementing
privacy
Privacy breach
management
Developing
culture of
privacy (via
trainings)
Sustaining
privacy
Privacy
assessments
and checks
Privacy
strategy and
roadmap
development

43. PSCI @PSCInitiative
Leverage privacy standards and framework
Processor
The NIST privacy framework is
a set of controls that could
help the organizations to
identify, prioritize and mitigate
risks within their processing
environment.
NIST Framework
ISO/IEC 27701 is a privacy
extension to ISO/IEC 27001
Information Security
Management. It is an
international management
system standard that provides
guidance on the protection of
privacy.
ISO 27701- PIMS
This framework was developed
by the AICPA/CICA Privacy Task
Force to help management build
an effective plan that addresses
privacy risks, obligations and
challenge
GAPP
All businesses need to effectively address privacy as a risk management issue. Organizations shall deploy a robust
privacy management framework in line with internationally acceptable standards to addresses and monitor privacy risks
in their environment. A few of these standards are briefly described below:

44. PSCI @PSCInitiative
In the absence of PDB Bill, which legislation is applicable for
processing personal data?
Source :https://www.dataguidance.com/notes/india-data-protection-overview
GDPR – for EU data subject, if any
CCPA – For California data subject, if any
IT ACT SPDI Rules - For India data subject
it covers sensitive personal information which included passwords, financial
information, physical, physiological, or mental health conditions, sexual
orientation, medical records and history, and biometric information
Privacy Trivia

45. Building a privacy ready organization
with GAPP

46. PSCI @PSCInitiative
How can organisations benefit from GAPP?
Provides a strong base to develop a fundamental privacy
framework covering aspects related to various privacy laws
Provides a comprehensive and scalable approach to
managing privacy risks
Helps in earning trust of stakeholders
Identifies scope for improvement and competitive analysis
Reduces risks and frauds concerning personal information
It is Comprehensive
Framework of over 60 measurable and
relevant criteria, not just a list of principles
It is Objective
Developed by AICPA/CICA Privacy Task Force,
to address international expectations
It is Relevant
It is an international standard, with widespread
use and recognition and is also applicable for
evaluation entity-wide privacy risks
It is an Appropriate base for assessment
It is recognized as a suitable criteria, for
internal and external privacy assessments/
audits
1
2
3
4
GAPP provides a legislative neutral benchmark to assess current privacy state v/s the desired state

47. PSCI @PSCInitiative
Overview of Generally Accepted Privacy Principles (GAPP)
Generally Accepted Privacy Principles (GAPP) - Developed by the AICPA/CICA Privacy Task Force in 2009
10 GAPP capabilities overview
1 2 3 4 5
Management Notice Choice & Consent Collection
Use, Retention,
Disposal
6 7 8 9 10
Access Disclosure to
third parties
Security & Privacy Quality Monitoring &
Enforcement
2 3 4 5
6 7 9
8 10

48. PSCI @PSCInitiative
How can GAPP help in building a privacy
ready organization?
The following slides summaries and illustrate how GAPP can be used by organizations to
build a robust ecosystem to address, diagnose and monitor their privacy risks.
G
A
P
P
Strategising
Diagnosing
Implementing
Managing
Auditing
Source: GAPP Framework by AICPA and CICA

49. PSCI @PSCInitiative
Strategising
VISION
V
Establish vision to
integrate privacy in
and business goals
PLANNING
P
Identifying
significant
milestone to
achieve privacy
goals
RESOURCE
R
Identify people
responsible for
privacy & security
concerns
STRATEGY
R
Plan for future
developments and
privacy goals
Performing privacy strategic and business planning
Diagnosing
Implementing
Managing
Auditing
Source: GAPP Framework by AICPA and CICA

50. PSCI @PSCInitiative
Strategising
Diagnosing
UNDERSTAND
U
Understanding risks,
opportunities,
privacy policy and
practices, relevant
laws and regulatory
requirements
ASSESS
A
Provides
legislative neutral
benchmark to
assess current
privacy state v/s
the desired state
Performing privacy gaps and risk analysis
Implementing
Managing
Auditing
Source: GAPP Framework by AICPA and CICA

51. PSCI @PSCInitiative
Strategising
Diagnosing
Implementing
ASSIST
A
Assist in meeting implementation
goals. Formulated privacy
procedures, processes, brochures,
contracts, forms templates and
internal and external privacy
awareness training programs
Developing, documenting, introducing, and
institutionalising the program’s action plan, including
establishing controls over personal information
Managing
Auditing
Source: GAPP Framework by AICPA and CICA

52. PSCI @PSCInitiative
Strategising
Diagnosing
Managing
Monitoring
M
Develop appropriate reporting
criteria for monitoring request for
information, the sources used to
compile the information and the
information actually disclosed
Monitoring activities of a privacy program
Auditing
Implementing
Auditing
Source: GAPP Framework by AICPA and CICA

53. PSCI @PSCInitiative
Strategising
Diagnosing
Managing
Auditing
INTERNAL AUDIT
I
Internal auditors can
evaluate an entity’s
privacy program and
controls using GAPP
as a benchmark and
provide useful
information
EXTERNAL AUDIT
E
External auditor can
evaluate an entity’s
privacy program and
controls in
accordance with
GAPP and provide
reports
Internal or external auditors evaluating the organisation’s privacy program
Implementing
Source: GAPP Framework by AICPA and CICA

54. PSCI @PSCInitiative
In the absence of PDB Bill, which legislation is applicable for
processing personal data?
Source :https://www.dataguidance.com/notes/india-data-protection-overview
IT ACT SPDI Rules, it covers 'sensitive personal information which
included passwords, financial information, physical,
physiological, or mental health conditions, sexual orientation,
medical records and history, and biometric information.
Privacy Trivia

55. Implementing key privacy requirements
using GAPP controls and example

56. PSCI @PSCInitiative
Implementing key privacy requirements
Data Subject Rights Record and respond to data subject rights
The privacy notice is
• in plain and simple language.
• appropriately labeled, easy to see, and not in unusually small print.
• linked to or displayed on the Web site at points of data collection
and available in the national languages used on the site or in
languages required by law
Notice Example
Laura buys medicine Brand A from an online PharmaC and it’s
privacy notice states that it needs Laura’s what personal data is
collected and for what purpose to process her orders, to carry out
security checks and to whom the personal information is
disclosed to a third- party which provides order processing,
delivery and online support for them.
PharmaC need to be transparent about why they are obtaining
data, and how they will use it, and provide assurance that
personal data will not be used for anything which the data subject
wouldn’t reasonably expect them to.
What is the privacy requirement? How can we implement it?

57. PSCI @PSCInitiative
Implementing key privacy requirements
Data Subject Rights Record and respond to data subject rights
• Obtain and document individual consent in a timely
manner
• Confirm individual preferences in writing or
electronically
• Process data only in line with individual preferences
• Obtain and document consent or withdrawal of
consent to use the personal information for the new
purpose
Consent Example
• While registering Laura on the PharmaC website, she has
option to tick the check-box if she wants to receive
marketing and promotional notification from the website
• To process her order, PharmaC may require prescription,
which is a special category of personal data related to health,
hence explicit consent will be needed before her details
could be processed.
• For implicit consent, PharmaC shall provide a statement to
Laura that by clicking on the Register Button, user is giving
consent to process personal data by PharmaC as per it’s
Privacy policy
What is the privacy requirement? How can we implement it?

58. PSCI @PSCInitiative
Implementing key privacy requirements
Data Subject Rights Record and respond to data subject rights
• Monitor that the collection of personal information is
limited to that necessary for the purposes identified
in the privacy notice and that all optional data is
identified as such.
Collection Example
• Laura's got a bank account, car insurance and a mortgage
and she gave a lot of personal information about herself to
the each of these organizations.
But the information she gave them had to be relevant to her
applications and the organisation could only collect data that
they needed.
• For example, Laura’s bank doesn’t need to know about her
family details.
What is the privacy requirement? How can we implement it?

59. PSCI @PSCInitiative
Implementing key privacy requirements using GAPP controls
Data Subject Rights Record and respond to data subject rights
Access Example
What is the privacy requirement? How can we implement it?
• Explain in the privacy how individuals may gain access to their
personal information
• Outline the means by which individuals may update and correct
their personal information
• Adequately train the employees to authenticate the identity of
individuals before granting any access or changes requests
• Provide information in an understandable format in a timely
manner
• Things can change and our personal data must be correct and, where
necessary, up to date. When Laura changed her home address, she
was asked to check that all her information was up to date and
correct.
• Provide easy methods for user to exercise their data access points
through
• Email
• Webform
• Telephone
• Focus on SOP documentation and user awareness training so that
support staff ensure privacy while addressing the data subject access
request

60. PSCI @PSCInitiative
Implementing key privacy requirements using GAPP controls
Breach Notification Leader in Privacy & Security
Define, document and implement data breach management
policy
Security and Privacy Leader in Privacy & Security
Example
What is the privacy requirement? How can we implement it?
• Authentication is used to prevent unauthorized access
• Physical security is maintained over personal
information stored in hard copy form
• Encryption is used to prevent unauthorized access to
personal information sent over the Internet
• Conduct periodic risk assessments
• Assignment of responsibility and accountability for
security
• PharmaC shall have physical access control at the entry and the
exit points and ensure 24x7 surveillance cameras
• Data is stored, backed-up and protected from hackers and natural
disasters
• Encrypt data at rest
• Encrypt data in motion
• Monitor and mitigate information security risk
• Appoint CISO and DPO to strengthen Information Security and
Privacy posture

61. PSCI @PSCInitiative
Implementing key privacy requirements using GAPP controls
Breach Notification Leader in Privacy & Security
• Define and document retention policies and disposal
procedures
• Retain, store, and dispose archived and backup copies
• Ensure personal information is not kept beyond the
standard retention time
Define, document and implement data breach management
policy
Data Retention and Disposal Leader in Privacy & Security
Example
• Identify which personal data is required to be retain for
transaction integrity or regulatory or any other purpose
• Document Data Retention schedule for each departments
which holds personal data
• Set accountability to ensure data is retained only for the
defined purpose
• Conduct periodic audit to ensure secure disposal methods are
used to data deletion

62. PSCI @PSCInitiative
Implementing key privacy requirements using GAPP controls
Breach Notification Leader in Privacy & Security
• Define and document retention policies and disposal
procedures
• Retain, store, and dispose archived and backup copies
• Ensure personal information is not kept beyond the
standard retention time
Define, document and implement data breach management
policy
Data Retention and Disposal Leader in Privacy & Security
Example
• Identify which personal data is required to be retain for
transaction integrity or regulatory or any other purpose
• Document Data Retention schedule for each departments
which holds personal data
• Set accountability to ensure data is retained only for the
defined purpose
• Conduct periodic audit to ensure secure disposal methods are
used to data deletion

63. Key takeaways

64. PSCI @PSCInitiative
Q&A
64
You can also send your questions to
info@pscinitiative.org

65. Management of Change –
Application of Digital Tools
Anjali Sandesh, Associate Director, Benchmark ESG
Naveen GV, Corporate Officer & Manager Director, Benchmark ESG

66. PSCI @PSCInitiative
Agenda
 Management of Change (MOC)
 MOC related Safety Incidents in Pharma Industry
 Why do we need MOC
 Case Study – GE Healthcare’s MOC Program
 Digitization of MOC Program

67. PSCI @PSCInitiative
Management of Change
Management of Change (MOC) - a process to ensure changes do not inadvertently
introduce new hazards or hazards. MOC includes a review and authorization
process for evaluating proposed adjustments to facility design, operations,
organization, or activities prior to implementation to make certain that
no unforeseen new hazards are introduced and that the risk of existing hazards to
employees, the public, or the environment is not unknowingly increased. CCPS

68. PSCI @PSCInitiative
Why do we need MOC?
80% of all large scale
accidents in the
process industries
trace their origin back
to “Change”
Change is essential to a
company’s survival –
should continuously
improve their process
and keep up with
industry standards
Vs

69. PSCI @PSCInitiative
Safety Incidents - Pharmaceutical Industry
• Srikakulam
Ash powder blocked the boiler which led to dust explosion (August 11, 2019)
• Vizag
Hydrogen sulphide vapors leaked from a hosepipe connected to the
reactors (June 29, 2020)
• Hyderabad
Second fire started at the heavily stocked warehouse after the fire was
doused at Mfg. unit. (June 19, 2021)
• Vijayawada
Stainless Steel (SS) Reactor exploded reportedly following a gas leakage
(April 14, 2022)
• Nalgonda
Blasting of chemical reactor (August 24, 2022)
• Navi Mumbai
Cause of fire: Short-Circuit (September 24, 2022)
Key Contributing Factor: Change Management
 Facility Sitting & Design & Mechanical Integrity
 Hazard Awareness & Identification & PHA
 Safeguards, Controls & Layers of Protection
 Regulations and Regulatory Oversight
 Preventive Maintenance
 Personnel Training & Emergency Preparedness
Global process safety incidents in the pharmaceutical industry,
September 2020

70. PSCI @PSCInitiative
Management of Change - Methodology
Change
Management
People
Equipment
Process
Facility
Recognizing Change Approaching Change Management
1
• Classify the type of Change Management
2
• Commence the Change Process
3
• Review and authorize the change request
4
• Implementation of Change Request
5
• Verification of the Implemented Change Request
6
• Closure of the Change Request
7
• Periodic Effectiveness Check of the Change Request

71. PSCI @PSCInitiative
Case Study – GE Healthcare’s MOC
 MOC program is governed under Element 6 of GE’s EHS Framework
• Owned by a Leadership team member
• Requires a team to drive the program
• EHS plays a key Governance role in ensuring MOC process adoption
 MOC reviews done in 3 stages, starting with conceptual stage, approval stage & execution stage
• Process is initiated 3 to6 months ahead of change/project
• Provides adequate time for reviewing EHS compliance requirements and seeking necessary regulatory
approvals, as needed
 Project/change is initiated upon receipt of consent/approval and compliance to all requirements
• Triggers all other EHS element review
 Check & balance control through purchase requisition process
 Fully digital – a game changer to ensuring process control & closed loop

72. Management of Change
Management of Change (MOC) - a process to ensure changes do
not inadvertently introduce new hazards or hazards. MOC
includes a review and authorization process for evaluating
proposed adjustments to facility design, operations, organization,
or activities prior to implementation to make certain that no
unforeseen new hazards are introduced and that the risk of
existing hazards to employees, the public, or the environment is
not unknowingly increased. CCPS

73. Why do we need MOC?
80% of all large
scale accidents in
the process
industries trace
their origin back to
“Change”
Change is essential
to a company’s
survival – should
continuously
improve their
process and keep
up with industry
standards
Vs

74. Safety Incidents - Pharmaceutical Industry
• Srikakulam
Ash powder blocked the boiler which led to dust explosion
(August 11, 2019)
• Vizag
Hydrogen sulphide vapors leaked from a hosepipe
connected to the reactors (June 29, 2020)
• Hyderabad
Second fire started at the heavily stocked warehouse after
the fire was doused at Mfg. unit. (June 19, 2021)
• Vijayawada
Stainless Steel (SS) Reactor exploded reportedly following a
gas leakage (April 14, 2022)
• Nalgonda
Blasting of chemical reactor (August 24, 2022)
• Navi Mumbai
Cause of fire: Short-Circuit (September 24, 2022)
Key Contributing Factor: Change Management
 Facility Sitting & Design & Mechanical Integrity
 Hazard Awareness & Identification & PHA
 Safeguards, Controls & Layers of Protection
 Regulations and Regulatory Oversight
 Preventive Maintenance
 Personnel Training & Emergency Preparedness
Global process safety incidents in the pharmaceutical industry, September 2020

75. Change
Management
People
Equipment
Process
Facility
Management of Change - Methodology
Recognizing Change Approaching Change Management
1
• Classify the type of Change Management
2
• Commence the Change Process
3
• Review and authorize the change request
4
• Implementation of Change Request
5
• Verification of the Implemented Change Request
6
• Closure of the Change Request
7
• Periodic Effectiveness Check of the Change Request

76. Case Study – GE Healthcare’s MOC
• MOC program is governed under Element 6 of GE’s EHS Framework
• Owned by a Leadership team member
• Requires a team to drive the program
• EHS plays a key Governance role in ensuring MOC process adoption
• MOC reviews done in 3 stages, starting with conceptual stage, approval stage & execution stage
• Process is initiated 3 to 6 months ahead of change/project
• Provides adequate time for reviewing EHS compliance requirements and seeking necessary
regulatory approvals, as needed
• Project/change is initiated upon receipt of consent/approval and compliance to all requirements
• Triggers all other EHS element review
• Check & balance control through purchase requisition process
• Fully digital – a game changer to ensuring process control & closed loop

77. Change
Identified
Employee
(Engineering & Facility Manager)
Initiates the Change Process in the
MOC tool &
Respond MOC Checklist
Answer Screening
Questions
Execution of Change
Follow-up & PSSR
[Optional]
SME
EHS /Facility
Review
Committee
Review
Element
Review
Answer Element
Questions
Reject Request
Request is
Rejected
No
More
details
Request is Approved
No
Yes
Send to
Committee
Review
Assign
Element &
responsibilities
*
More information
• People
• Facility
• Chemical
• Process
• Regulatory
• Compliance
Requirements
• Inspection &
Preventative
Maintenance
• Training
Management
• Fire Protection
• Emergency
Preparedness &
Response
• Risk Assessment
• Ergonomics
• LOTO
• Confined Spaces
• Machine Safety &
Guarding
• PPE
• Industrial
Hygiene
• Chemical
Management
• Ionizing Radiation
• Contractor
Management
• MOC Element
Owner
• Champion
Element
Owner
Framework Elements
Case Study: GE Healthcare’s MOC Manager Implementation

78. PSCI @PSCInitiative
Benchmark ESGTM | Gensuite® MOC Manager
Initiate approval for change requests such as process/equipment changes, to ensure comprehensive
review of all compliance requirements
 Create customized management of change processes
flexible to manage all types of changes
 Capture all the information about a change via customized
checklists and file attachments
 Obtain feedback across multiple functions through a
change
request committee to sign-off on a change request
 Communicate change status via automatic email
notifications & summaries
Let’s go Online
Core Functionality

79. Change Request
Initiator
Answer Screening
Questions
Answer Screening
Questions
Execution of Change
Pre-Startup Safety
Review (PSSR)
Follow-up Recorded
Change
Leader
Review
Committee
Review
Path/Env
Review
Answer Path
Questions
Reject Request
Request is Rejected
No
More
details
Request is Approved
No
Yes
Default Steps
Optional Steps
Approve request
Send to
Committee
Review
Requires
Follow-up?
Change is closed
Assign
Paths &
responsibilities
No
Yes
* Action item assignments available
@ Actions from follow-up can be
added to the Action Tracking System
@
*
*
*
*
*
MOC Manager More details
*

80. PSCI @PSCInitiative
Thank you for joining us for day 3 of the PSCI India
Supplier Conference 2022
 naveen.gv@benchmarkdigital.com
 anjali.sandesh@benchmarkdigital.com

81. PSCI @PSCInitiative
Q&A
81
You can also send your questions to
info@pscinitiative.org

82. Psychological Safety
Dr. Rishu Roy, Professor, Shri Vaishnav Vidyapeeth Vishwavidyalaya

83. AGENDA
 Psychological Safety
 Happiness@Workplace
 Building Psychological Safety
 Psychological Safety and Quality of Work Life
 Psychological Safety and Mental Health
 Psychological Safety and Spiritual Intelligence

84. PSCI @PSCInitiative
Do High Performing Teams make lesser
mistakes than Low Performing Teams ?
A) AGREE
B) DISAGREE
POLL - Go to menti.com and enter the code ....

85. PSCI @PSCInitiative
It surprisingly turned out that high-
performing teams made more mistakes,
which was puzzling.
Fact IS .....

86. PSCI @PSCInitiative
“Impression
Management”
stops us from taking
Interpersonal Risks
Why People Don’t Speak Up??

87. PSCI @PSCInitiative
We don’t want to appear...
Ignorant
Incompetent
Intrusive
Negative
87

88. PSCI @PSCInitiative
“A shared understanding by members of
a team that the team is safe for
interpersonal risk taking”
Amy Edmondson, Harvard University, 1999
Psychological Safety
Psychological safety is being able to
show and employ oneself without fear
of negative consequences of self-image,
status or career.

89. PSCI @PSCInitiative
Scenario.....
 Uli is a long time manager known for his technical expertise. For the past two years he’s
worked as manager of team XYZ, which is responsible for running a large scale project.
He upholds very high standards, but in the past few months Uli has become increasingly
intolerant of mistakes, ideas he considers to be “underpar,” and challenges to his way of
thinking.
 Recently, Uli publically “trounced” an idea offered by an experienced team member and
spoke very negatively about that person to the wider team behind their back. Everyone
else thought the idea was strong, well-researched, and worth exploring. Ideas have since
dried up.

90. PSCI @PSCInitiative
 Uli’s ideas drove the recent project proposal, but it was ultimately rejected by the
executives because it lacked creativity and innovation.
 Debriefing questions:
- What behaviors do you see that reflect psychological safety?
- What behaviors may signal that psychological safety is lacking in the scenario?
- If psychological safety so important, why we do not share / speak ?

91. PSCI @PSCInitiative
High Lights and Low Lights...... is Engagement?

92. PSCI @PSCInitiative
Happiness @Workplace
 Happiness at work is the feeling that employee
really enjoy what they do and they are proud of
themselves, they enjoy people being around, thus
they have better performance.
 Being fully engaged at work with mindfulness is
one of the greatest sources of workplace
happiness. In fact, you can often derive a great
sense of joy from your work no matter how
menial it is by practicing mindfulness while you
work.

93. PSCI @PSCInitiative
Happiness Index
The World Happiness index 2022 sheds light on a ray of hope in these terrible times.
Global survey data to report how people rate their lives in more than 150 nations
worldwide....
Finland
Denmark
India’s Rank is 136.....
(https://dmerharyana.org/world-happiness index/#:~:text=According%20to%20the%20world%20happiness,influence%20(quality%20of)%20life.)

94. PSCI @PSCInitiative
Psychological Safety- it’s not about being nice or Happy!

95. PSCI @PSCInitiative
What is NOT Psychological Safety.....
 Sheild from Accountability
A Personality Factor
Niceness
Consensus Decision Making
Lowering Standards

96. PSCI @PSCInitiative
Building Psychological Safety
96

97. PSCI @PSCInitiative
Inclusion Safety
 Satisfies the human need - Belonginess and Connectedness
 Feel Safe to be yourself ; Accepted who you are irrespective of race, religion, color, sex etc
Learner Safety
 Satisfies the human need - Learn and Grow
 Feel Safe to engage in learning process
Stages of Psychological Safety

98. PSCI @PSCInitiative
Contributor/Collaborator Safety
Satisfies the human need - To make a difference
 Feel Safe to use of knowledge and skills to make a meaningful contribution.
Challenger Safety
 Satisfies the human need - To make things better
 Feel Safe to speak up and challenge the status quo when you think there is an opportunity to
improve.
Stages of Psychological Safety

99. PSCI @PSCInitiative
Team Progress Example
99

100. PSCI @PSCInitiative
Secrets of Effective Teams at Google- Project Aristotle
Researchers measured team effectiveness in
four different ways:
1. Executive evaluation of the team
2. Team leader evaluation of the team
3. Team member evaluation of the team
4. Sales performance against quarterly quota

101. PSCI @PSCInitiative

102. PSCI @PSCInitiative
Psychological Safety : Key Business Levers

103. PSCI @PSCInitiative
New Forms of Work and Psychological Safety
 Boundary between work and life has become increasingly blurry, managers must make staffing,
scheduling, and coordination decisions that take into account employees’ personal
circumstances — a categorically different domain
 Many off table issues like health risk comfort levels, child care, family issues are considered
important while designing the schedules.
 Thus, having psychological safe discussions in context with challenges with QWL issues can have
a deep seated touch on employees’ identities, values and choices.

104. PSCI @PSCInitiative
Psychological Safety
QWL
MH

105. PSCI @PSCInitiative
QWL - Origin
 QWL programs have existed since the early 1930s, people did not recognise them.
 It was during the 1960s-1970s when QWL became an important HR intervention in the United
States and Scandinavia.
 It was discussed for the first time in 1972 at an international labour relations conference held in
Toronto and in the same year, the international council for quality of work life was established.
 In 1986, the term ‘work life balance’ was first identified but its use in everyday language was still
sporadic for a certain number of years.

106. PSCI @PSCInitiative
Factors Affecting QWL

107. PSCI @PSCInitiative
Concerns QWL: Pharma Industries Cont...
 Long Working Hours
 Better working conditions on shop floor as well as in Office premises.
 Barriers to Diversity and Inclusion
 Lack of alignment between employee healthcare needs and employee benefits
 Lack of training on their rights and privileges – access to Human Rights and its requirements

108. PSCI @PSCInitiative
 Lack of 4C’s in HR Polices
 Better career Growth opportunities and access to new positions within the same Group of
companies.
 Other financial benefits
 Employee Engagement
Concerns QWL: Pharma Industries Cont...

109. PSCI @PSCInitiative
Unique Strategies : Modern Era
 Apple Computers office, Hindustan Unilevel has a meditation room and employees are given 30
minutes to meditate or pray.
 Prentice-Hall Publishing has a quiet room for employees where they can take mental retreats.
 Intel offers 22 weeks of maternity leave.
 SAS has low absenteeism and only 3% turnover due to no-lay-off policy, 35-hour workweeks,
flexi time and on site amenities like gym, medical clinic and message therapists.

110. PSCI @PSCInitiative
Unique Strategies : Modern Era
 Volvo changed its assembly line system which led to greater job satisfaction, low absenteeism
and turnover.
 Tata Group offers free medical aid, free telephone facility, leave with pay, accident
compensation, profit sharing bonus and retiring gratuity.
 Google India extends flexible work schedules, massage parlours, outdoor & indoor games and
sleep pods.

111. PSCI @PSCInitiative
Role of Pharma Employees and Workers - During Pandemic
 The Indian pharmaceutical industry as well as that around the world has come to the limelight
for the role it has played and continues to in order to battle against COVID-19.
 Be it through research, manufacturing or ramping up production lines, pharmaceutical
companies around the world went into overdrive mode even as the rest of the world socially
distanced itself.

112. PSCI @PSCInitiative
Vaccination (Solutions) - for the Hidden Pandemic
 In an unprecedented move, the pharma industry in India is pulled out all the stops to ensure that
the production of medicines, essential in fighting the coronavirus pandemic, does not suffer.
 Pharma Industries - came together, pooled their knowledge and shared resources like trucks ,
explained govt their requirements. Apart from keeping a distancing on the shop floor and in
canteens, Temperature-screening kiosks check every employee and companies are following
staggered shifts. Even the buses that commute employees maintain a distance and were
sanitized
 Dormitories and arrangements of hostels for the migrant workers were made even for class 4
staff in plants so that they feel safe.

113. PSCI @PSCInitiative
The Hidden Pandemic in Pharma Industry
Pharma
Workers -Emp

114. PSCI @PSCInitiative
Workers and Employees : Health Care Industry
Number of participants with mild, moderate and severe symptoms of depression, anxiety, stress
and burnout.
 PHQ-9 = People Health Quotient
 GAD-7 = General Anxiety Disorde
 IES-R = Impact of Event Scale-Revised
 MBI_EE = Emotional Exhaustion;
 MBI_PA = Personal Accomplishment
 MBI_DE = Depersonalization.

115. PSCI @PSCInitiative
Psychological Safety Mental Health
 Not able to expressoneself
 Work overload
 Toxic Work Environment
 Not valuedor Appreciated
 Feeling Alone

116. PSCI @PSCInitiative
Mental Health
 “A state of well-being in which the individual realizes his or her own abilities, can cope
with the normal stresses of life, can work productively and fruitfully, and is able to
contribute to his or her community.
 Burnout” was only approved by the WHO as an “occupational phenomenon” in May
2019 and will be officialized for the first time in the 11th revision of the ICD (ICD-11),
scheduled for the year 2022 (2, 3).

117. PSCI @PSCInitiative
Concerns - Mental Health
 Recognition and acceptance of mental health as a legitimate concern of organizations
 Effective implementation of anti-discrimination provisions
 Preventive, treatment and rehabilitation programs that address employees’ mental
health needs

118. PSCI @PSCInitiative
Next Scenario.....
 A 46 year-old male worker in one of the leading pharma company worked experienced
long working hours during Covid-19. He was very sincere and regular and was in the
good books of the supervisor. During pandemic, he became covid positive , working in
the plant but recovered.
 After recovery from Covid-19, his behavior suddenly changed. He often reports sadness
and irritability, and was recently found to be involved in physical violence with one of his
co-workers.After counselling also, his absentism did not improved and his productivity
was found to be deteriorating.

119. PSCI @PSCInitiative
Next Scenario.....
 With the death of his mother three months ago, he complains of a progression of his
depression with persistent low mood, frequent anger episodes, insomnia with early
morning awakening and passive thoughts of dying.
 Debriefing questions:
- What are various symptoms in the case that reflects poor mental health ?
- How can the mental health of such employees can be improved?

120. PSCI @PSCInitiative
Measuring Psychological Safety
To measure a team’s level of psychological safety, Edmondson asked team members how
strongly they agreed or disagreed with these statements:
1.If you make a mistake on this team, it is often held against you.
2.Members of this team are able to bring up problems and tough issues.
3.People on this team sometimes reject others for being different.
Poll - Go to www.menti.com and use the code ....

121. PSCI @PSCInitiative
4 It is safe to take a risk on this team.
5.It is difficult to ask other members of this team for help.
6.No one on this team would deliberately act in a way that undermines my efforts.
7.Working with members of this team, my unique skills and talents are valued and utilized.
Are you Psychologically Safe at Workplace ?
Poll - Go to www.menti.com and use the code ....

122. PSCI @PSCInitiative
Psychological Safety and Spiritual Intelligence
 Psychological safety - Extent to which people in an organization believe they can
perform activities
 Without experiencing stress.
 Reflects the mental state of individuals - Good Mental Health that fosters creativity and
active participation in teamwork
 Good Mental Health - are able to connect themselves with higher self and are able to
practice virtues like forgiveness, compassion and empathy.

123. PSCI @PSCInitiative
The real frontier of modernity is not artificial intelligence; it’s 3Q

124. PSCI @PSCInitiative
Spiritual Intelligence @ Workplace
 Employees high on spiritual intelligence are aware of the problems in the society,
surroundings, workplace, country and the larger universe too.
 Refrains individuals getting swayed by power, status and money, instead it helps build a
holistic approach towards the organization where an employee benefits in more ways
than one.
 Building a long lasting and a proactive employee employer relationship and in turn
enhances the overall employee wellness in the organization.

125. PSCI @PSCInitiative
Art of Developing Spiritually Intelligent Workplace
 Developing Spirituality at Workplace :
 Utilizing IQ, EI and SI levels, understand the difference between right and wrong
 Develop a goal as to what one wants to see themselves becoming to find higher purpose
at your workplace
 Remind yourself that even though the fixed path may fail, there are other paths one can
discover

126. PSCI @PSCInitiative
Q&A
126
You can also send your questions to
info@pscinitiative.org

127. Thank you for attending the 2022
PSCI Supplier Conference
info@pscinitiative.org

128. PSCI @PSCInitiative
PSCI Secretariat
Carnstone Partners Ltd
Durham House
Durham House Street
London
WC2N 6HG
info@pscinitiative.org
+44 (0) 7342 990241
About the Secretariat
Carnstone Partners Ltd is an independent management consultancy,
specialising in corporate responsibility and sustainability, with a long
track record in running industry groups.
For more information about the PSCI please contact:
pscinitiative.org info@pscinitiative.org Rosie Towe:
+44 (0) 7342 990241
PSCI @PSCInitiative
CONTACT
128