Security Positioning Statement
Published on September 2, 2024RSM International Limited – Information Security / Cybersecurity Positioning Statement
RSM International and its member firms take the security and protection of client data and information as paramount in ensuring that confidential client information is protected. This statement is provided as a summary of certain practices relating to information security that are undertaken.
RSM International security requirements supplement any, and all local regulatory requirements that a member firm has, including, but not limited to, data protection and privacy.
All RSM member firms are required to have in place commercially accepted standards of physical and IT technology security to prevent information / data loss, damage to data, alteration of data or it’s destruction.
RSM member firms follow generally accepted standards and procedures to deal with Cybersecurity threats and risks for the territories in which they operate.
Access to data is only available to authorised individuals and is controlled and monitored to maintain safety and confidentiality. Employees are educated to limit the potential of them inadvertently compromising information security.
All RSM member firms agree to comply with a set of core IT security standards across a range of key areas of IT controls. RSM member firms agree to have IT security policies, procedures and systems in place at the member firm level designed to ensure compliance with the following RSM International core IT / Cyber security areas:
- Security Policies
- Access Control
- Virus Control
- Personal Computer Operating Systems
- Server and Network Maintenance
- Employee Training
- Backup
- Disaster Recovery Planning
- Incident Response
- System Hardening
All member firms are annually surveyed against the core IT security areas.
A database is maintained which details the security position as reported through the annual survey of each member firm in adherence to the core IT standards. This is reviewed by the RSM Global Executive Office with oversight by the RSM IT Committee. Where there is a shortfall in meeting all the standards, member firms are directed to detail a plan of action to meet the standards and report on the progress in achieving compliance.
Misuse of RSM name and brand
In the event that the RSM name and brand is illegally used in fraudulent scam and phishing emails, letters or phone calls, fraudsters may:
- use the name of RSM personnel to give the impression that a scam communication is genuine;
- use 'lookalike' website domains and websites which look similar to genuine RSM sites;
- use 'lookalike' email addresses which are similar to the genuine email addresses of RSM personnel; and/or
- impersonate RSM personnel.
You should exercise caution if you receive any unexpected or unusual communications which purport to come from RSM. We are aware that there have been attempts to use domain names similar to our Member Firms' to impersonate RSM and our personnel.
If you receive any communication purporting to be from RSM or any of its personnel about which you are uncertain or suspicious, we suggest that you do not respond and particularly do not provide personal or confidential information. Please check whether a communication is genuine by getting in touch with your usual RSM contact or by contacting [email protected]