Information security policy

Published on 9 September 2022

RSM Spain is one of the main national auditing, tax, legal advisory and business consulting organizations. In Spain they have six offices.
They have a client portfolio that includes local and multinational companies, from the most diverse sectors, that operate nationally and internationally.
Aware that information security is essential for the competitiveness of the company, and therefore for its survival, RSM has implemented an Information Security system based on the ISO 27001:2022 standard.
This Policy is established as the framework within which all the company's activities must be carried out. Its scope is “The information systems that provide support for auditing, consulting, advisory and outsourcing services for companies” according to the current version of the Declaration of Applicability, which guarantees clients and other interested parties the commitment required.

RSM takes into account the following pillars for the annual establishment of objectives:

  • Protection of personal data and people's privacy.
  • Protection of Organization records.
  • Compliance and conformity with the legislative and contractual requirements applicable to the company's activity in terms of security.
  • Mandatory training on information security issues in the terms established in the security policy relating to human resources.
  • Compliance with the controls and security measures established in the security policies, and the disciplinary process defined in the Workers' Statute in Chapter VII (Disciplinary Regime), in case of intentional safety violations.
  • Communication of security incidents detected based on established policies.

To achieve compliance with the previous principles, it is necessary to implement a set of security measures that guarantee the effectiveness of the efforts made. All measures adopted have been established after an adequate risk analysis of RSM's information assets.

This policy will be communicated to all members of the organization, who must comply and ensure compliance with the provisions of RSM's ISMS, and will be available to interested parties. To guarantee compliance with the provisions of the ISMS, the Management delegates responsibility for supervision, verification and monitoring of the system to the Security Committee, which has the necessary authority and independence, and is provided with the appropriate resources, to guarantee the correct operation of the ISMS.

Finally, Management is committed to providing the necessary means and adopting the appropriate improvements throughout the Organization, to promote the prevention of risks and damages to assets, thus improving the efficiency and effectiveness of the ISMS.

The information security controls are implemented based on the results obtained from risk analyses, which are carried out periodically.
Regarding the information assets of our organization, special care will be taken to comply with the legal aspects associated with the processing of people's data. The requirements of the current Spanish Data Protection Law and the European Personal Data Regulation (GDPR) will be considered in all aspects involving our business activities.