RSM Australia achieves leading information security standard

27 April 2020

Mid-tier accounting and consulting firm RSM has achieved ISO 27001 certification. 

The 27001 certification by ISO – an independent and non-governmental organisation that develops quality standards – is geared toward information security. The standard outlines a process-based approach to initiating, implementing, operating and maintaining information security management systems. Companies that comply are able to demonstrate excellence in the field, enabling them to protect their most vital assets such as employee and client information.

Handling a great deal of sensitive client and employee data, amid an environment of growing online risks, RSM recently set out to achieve the ISO 27001 certification. “The primary motivation was to enhance our current processes involved in the protection of client data, and build a culture which is conscious of security risks to our firm,” explained Jamie O’Rourke, RSM’s Chairman for Australia.

“Building trusted client relationships is a key pillar of our strategy to expand and grow in the market. Maintaining the security of our client data is intrinsically linked to this. In the era of an increased threat of cyber-attacks on any firm, we saw the critical need to demonstrate our commitment to information security to our clients,” he added.

The professional services firm selected BSI to facilitate the process and as its ISO 27001 auditor. “We choose BSI because of their prior experience in dealing with RSM [the UK member firm] and a positive reference from industry peers. The feedback we received from their auditors was helpful in establishing an effective information security governance.”

As part of the implementation, RSM beefed up its internal controls for information security, in a company-wide approach led from the top. “We received amazing support from all executives in the business,” said O’Rourke, “and we involved the whole business, not just the IT function.” 

RSM appointed ISO 27001 champions from each functional line (audit, tax, consulting, etc.) who worked with the Information Security team to fall in line with the requirements and ultimately pass the rigorous audit checks performed by BSI’s auditors.

The effort succeeded: RSM has now achieved the certification covering all 32 of its offices in Australia, with Chris Meehan, Chief Operating Officer for Australia at BSI, confirming: “Strict measures have been taken to protect valuable company data.” O’Rourke was delighted: “We take pride to become the first mid-tier accounting firm in Australia to hold this certification.”

However, RSM’s Chairman quickly added that the news will not see the firm rest on its laurels. “ISO is no silver bullet to solve the crisis of ever-changing cyber threats to our firm. Our people and systems will continue to be targeted by cyber adversaries. As a firm, we will continue to educate our staff on security threats and implement the right systems or processes required to safeguard our information assets.”