rsm's Impact
> Our Firm
Impact Report



RSM’s information security mission is to elegantly protect the confidentiality, integrity and availability of RSM and client data

To support this mission, our leadership team drives continuous improvement and includes appropriate levels of oversight, leadership participation and a risk-based approach to the control of protected information. Our people undergo information security and privacy awareness training upon hire and annually thereafter. This training includes ongoing phishing detection training.

We also have a dedicated information security team. Our chief information security officer leads the information security team which includes, but is not limited to, security operations, cyber incident response, security architecture and engineering, and information security governance.

Our information security standards are aligned with an internationally recognized industry standard for security, the ISO/IEC 27001 framework, and are guided by security requirements specific to our operating environment, as well as by laws and regulations relevant to our firm. Information security best practices are also taken into consideration.

Information security incident management 

We actively monitor vulnerabilities, as well as potential security threats and events. We use industry-standard prevention and detection tools, including intrusion prevention systems, intrusion detection systems, data loss prevention, and security information and event management to protect our network. We also have an incident response plan and incident response task force that are engaged in the event of an incident.

Information security in vendor relationships

At RSM we perform a security review on vendor cloud-based solutions that store or access confidential information. Vendor contracts include confidentiality clauses and security, privacy, data integrity and data breach provisions, as needed. Contractor and other nonemployee contracts include a requirement to comply with our acceptable use and information security policy.

Collection, usage and retention of personal information

We collect, use and retain personal information subject to our publicly available privacy policy. As described in our privacy policy, we process such data for several purposes, including to provide services to clients. This data may be retained for as long as is necessary for the purposes described in our privacy policy, to achieve the purposes for which the information was collected or as permitted under applicable law. We have a dedicated privacy office led by our enterprise privacy leader and our privacy program is aligned with the ISO/IEC 27701 framework.

RSM’s commitment to sustainability