Security/Cybersecurity Positioning Statement

Published on August 23, 2024

RSM Honduras has defined its ISMS Policy as follows:

The Management and employees of RSM Honduras are committed to maintaining the confidentiality, integrity and availability of the physical and electronic information assets managed by RSM Honduras, in order to preserve alignment with its objectives and reduce risks to information to acceptable levels.

In order to meet these commitments, RSM Honduras has established, maintains and continually improves an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2022 standard.

RSM Honduras has adopted Information Security objectives and performance parameters that reflect the effectiveness of the ISMS. RSM Honduras has also established Information Security objectives and performance parameters that are appropriate for the services provided to its clients. The security objectives and performance parameters of RSM Honduras will be monitored to demonstrate the continual improvement of the ISMS. The control objectives are designed to be supported by specific, documented policies and procedures where applicable.

All RSM Honduras employees, as well as external service providers, are expected to comply with the ISMS. Any serious non-compliance after the adoption of the ISMS will be considered a violation, which entails the adoption of appropriate measures.

The Information Security and Cybersecurity Committee and the senior management of RSM Honduras are committed to promoting compliance with the ISMS.

This policy will be reviewed at least once a year.

Managing Partner

For more information about our policies, please contact [email protected]

RSM International Limited – Information Security / Cybersecurity Positioning Statement

RSM International and its member firms treat the security and protection of client data and information as paramount in ensuring that confidential client information is protected. This statement is provided as a summary of certain information security practices that are undertaken.

RSM International security requirements supplement any and all local regulatory requirements that a member firm has, including, but not limited to, data protection and privacy.

All RSM member firms are required to have in place commercially accepted standards of physical and IT security to prevent information / data loss, damage to data, alteration of data or its destruction.

RSM member firms follow generally accepted standards and procedures to deal with Cybersecurity threats and risks for the territories in which they operate.

Access to data is available only to authorised individuals and is controlled and monitored to maintain safety and confidentiality. Employees are educated to limit the potential for them to inadvertently compromise information security.

All RSM member firms agree to comply with a set of core IT security standards across a range of key areas of IT controls. RSM member firms agree to have IT security policies, procedures and systems in place at the member firm level designed to ensure compliance with the following RSM International core IT / Cyber security areas:

  • Security Policies
  • Access Control
  • Virus Control
  • Personal Computer Operating Systems
  • Server and Network Maintenance
  • Employee Training
  • Backup
  • Disaster Recovery Planning
  • Incident Response
  • System Hardening

All member firms are annually surveyed against the core IT security areas. 

A database is maintained which details the security position as reported through the annual survey of each member firm in adherence to the core IT standards. This is reviewed by the RSM Global Executive Office with oversight by the RSM IT Committee. Where there is a shortfall in meeting all the standards, member firms are directed to detail a plan of action to meet the standards and report on the progress in achieving compliance.

Misuse of RSM name and brand

In the event that the RSM name and brand are illegally used in fraudulent scam and phishing emails, letters or phone calls, fraudsters may:

  • use the name of RSM personnel to give the impression that a scam communication is genuine; 
  • use 'lookalike' website domains and websites which look similar to genuine RSM sites; 
  • use 'lookalike' email addresses which are similar to the genuine email addresses of RSM personnel; and/or 
  • impersonate RSM personnel. 

You should exercise caution if you receive any unexpected or unusual communications which purport to come from RSM. We are aware that there have been attempts to use domain names similar to our Member Firms' to impersonate RSM and our personnel.

If you receive any communication purporting to be from RSM or any of its personnel about which you are uncertain or suspicious, we suggest that you do not respond and particularly do not provide personal or confidential information. Please check whether a communication is genuine by getting in touch with your usual RSM contact or by contacting [email protected]