ISMS Policy

Published on February 24, 2025

RSM Poland Audyt Sp. z o.o. has defined its ISMS Policy as follows:


The Management and employees of RSM Poland Audyt Sp. z o.o. are committed to preserving the confidentiality,
integrity, and availability of the physical and electronic information assets managed by RSM Poland Audyt Sp. z o.o.


As a means of fulfilling these commitments, RSM Poland Audyt Sp. z o.o. is in the process of establishing and maintaining
an Information Security Management System (ISMS) in line with the ISO/IEC 27001:2022 standard.


RSM Poland Audyt Sp. z o.o. has adopted Information Security objectives and performance parameters that reflect the
effectiveness of the ISMS. RSM Poland Audyt Sp. z o.o. has also established that these objectives and parameters are
appropriate to the services provided by RSM Poland Audyt Sp. z o.o., based on the services the Firm offers to its clients.
The security objectives and performance parameters of RSM Poland Audyt Sp. z o.o. shall be monitored to demonstrate
continual improvement of the ISMS. The control objectives are designed to be supported by specific, documented policies
and procedures where appropriate.


RSM Poland Audyt Sp. z o.o. is committed to:

  • Protecting information assets from unauthorized access, disclosure, alteration, and destruction.
  • Ensuring the availability and reliability of critical information systems.
  • Complying with applicable legal, regulatory, and contractual obligations.
  • Continuously improving the ISMS based on regular assessments and feedback.
     

Suppliers and third parties:

  • Must comply with this ISMS Policy and any specific information security requirements outlined in contracts or
    agreements.
  • Are responsible for implementing and maintaining appropriate security controls to protect information.
  • Must immediately report any actual or suspected security incidents, data breaches, or non-compliance with this
    policy.
     

Information Security Team:

  • Monitors compliance with this policy and conducts regular risk assessments.
  • Provides guidance and support on information security matters to suppliers and third parties.
     

All employees of RSM Poland Audyt Sp. z o.o., as well as third-party service providers, are expected to comply with the
ISMS. Any significant non-compliance after the adoption of the ISMS will be considered a breach, inviting suitable action.
 

RSM Poland Audyt Sp. z o.o. reserves the right to:

  • Conduct regular audits and assessments of suppliers to ensure compliance with this policy.
  • Request evidence of information security practices, including policies, procedures, and risk assessments.
  • Terminate agreements with suppliers in case of repeated or severe non-compliance with this policy.
     

The top management of RSM Poland Audyt Sp. z o.o. is committed to driving compliance with the ISMS across RSM
Poland Audyt Sp. z o.o.
 

This policy will be reviewed at least annually.