RSM International Limited – Information Security / Cybersecurity Positioning Statement
RSM International and its member firms treat the security and protection of confidential client data and information as paramount. This statement is provided as a summary of certain information security practices that are undertaken.
RSM International security requirements supplement any and all local regulatory requirements that a member firm has, including, but not limited to, data protection and privacy.
All RSM member firms are required to have in place commercially accepted standards of physical and IT security to prevent information / data loss, damage to data, alteration of data or its destruction.
RSM member firms follow generally accepted standards and procedures to deal with Cybersecurity threats and risks for the territories in which they operate.
Access to data is available only to authorised individuals and is controlled and monitored to maintain safety and confidentiality. Employees are educated to limit the potential for them to inadvertently compromise information security.
All RSM member firms agree to comply with a set of core IT security standards across a range of key areas of IT controls. RSM member firms agree to have IT security policies, procedures and systems in place at the member firm level designed to ensure compliance with the following RSM International core IT / Cyber security areas:
- Security Policies
- Access Control
- Virus Control
- Personal Computer Operating Systems
- Server and Network Maintenance
- Employee Training
- Disaster Recovery Planning
- Incident Response
- System Hardening
All member firms are surveyed annually against the core IT security areas.
A database is maintained which details the security position of each member firm, as reported through the annual survey, in adherence to the core IT standards. This is reviewed by the RSM Global Executive Office with oversight by the RSM IT Committee. Where there is a shortfall in meeting all the standards, member firms are directed to detail a plan of action to meet the standards and report on the progress in achieving compliance.