Information Security Management System Policy
RSM International and all Member Firms have defined their ISMS Policy as below:
The Management and employees of RSM International Limited, and individually its Member Firms, are committed to preserving the confidentiality, integrity, and availability of the physical and electronic information assets managed by either RSM International Limited, or individually by its Member Firms, to preserve alignment with network and Member Firm goals and reduce the information-related risks at the network and local Member Firm level to acceptable levels.
As a means of fulfilling these commitments, RSM International Limited and its Member Firms are in the process of establishing and maintaining an Information Security Management System (ISMS) in line with the ISO/IEC 27001:2013 standard.
RSM International Limited has adopted Information Security objectives and performance parameters that reflect the effectiveness of the ISMS. RSM International Limited has also established a programme where over time, each of its Member Firms will have adopted similar Information Security objectives and performance parameters. These objectives and parameters are appropriate to the services provided by RSM International Limited to its Member Firms and are also appropriate for each Member Firm based on the services the Member Firm offers to its clients. The security objectives and performance parameters of RSM International Limited, and individually its Member Firms, shall be monitored to demonstrate continual improvement of the ISMS. The control objectives are designed to be supported by specific, documented policies and procedures where appropriate.
All employees of RSM International Limited, as well as third-party service providers, are expected to comply with the ISMS. In addition, all employees of RSM International Limited's Member Firms, as well as third-party service providers of each individual Member Firm, are expected to comply with the ISMS when the ISMS is adopted by the Member Firm. Any significant non-compliance after adoption of the ISMS will be considered a breach, inviting suitable action.
The Information Security Oversight Committee and top management of RSM International Limited and its Member Firms are committed to driving compliance with the ISMS across RSM International Limited and its Member Firms.
This policy will be reviewed at least annually.
Jean Stephens
Chief Executive Officer