RWS AR 23 Final Single pages - Flipbook - Page 35
GOVERNANCE AND REPORTING
CYBER SECURITY
As an AIM listed company, RWS has chosen to implement
The Quoted Companies Alliance Corporate Governance
Code (the QCA Code). The principles and disclosures laid
out by the QCA Code provide a framework to ensure we
have the appropriate governance arrangements in place.
The Board believes that it complies with all the principles
of the QCA Code; see pages 77 to 80 for details of our
compliance, which is reviewed annually in line with the
requirements of the QCA Code.
RWS understands that its cyber security preparedness
must continue to evolve to address the changing nature
of risk. The strategic security posture for RWS is set by
the Information Security Steering Committee ("ISSC"),
chaired by the CIO. This group includes stakeholders from
all relevant business units to collaborate on continual
improvement of increasing awareness and supporting a
consistent risk-based approach to information security.
Furthermore, the ISSC provides oversight and governance
of information security risks. The Information Security
Management System ("ISMS") is the framework that
underpins the globally recognised ISO 27001:2013
certi昀椀cation. We hold this for our hosted product solutions,
Regulated Industries division, IP Services division and their
supporting services, people, processes and technology.
Visit pages 67 to 68 of our 2023 ESG Report to learn more.
CORPORATE GOVERNANCE STRUCTURE
The Chairman leads the Board and has overall
responsibility for corporate governance and promoting
the values of the Group, both internally to colleagues and
externally to the broader stakeholder group. The CEO
manages the day-to-day operations of the Group.
To learn more about RWS’s Corporate Governance
Structure, see pages 74 to 81.
FY23 INVESTOR AND OTHER
RECOGNITION
Board of Directors
During FY23 the Group had:
As at 30 September 2023
Female
50%
Male
50%
MANAGING RISKS
Identifying and managing risks fundamental
to protecting the business, our people and our
communities as well as delivering long-term
shareholder value. The Board routinely monitors risks
that could materially and adversely a昀昀ect the Group’s
ability to achieve strategic goals, its 昀椀nancial condition
and the results of its operations. The Board is supported
by senior management who collectively play a key role in
risk management and regularly report to the Board.
Ten of our 12 principal business risks are relevant to
ESG and these are set out in the table on page 66 of
the 2023 ESG Report.
•
ISO 9001: applicable in 45 o昀케ces, 38 o昀케ces
certi昀椀ed and 7 o昀케ces compliant
•
ISO 17100: applicable in 39 o昀케ces, 32 o昀케ces
certi昀椀ed and 7 o昀케ces compliant
•
ISO 18587: applicable in 37 o昀케ces, 30 o昀케ces
certi昀椀ed and 7 o昀케ces compliant
•
ISO 27001: applicable in 16 o昀케ces, 9 o昀케ces
certi昀椀ed and 7 o昀케ces compliant
•
ISO 13485: applicable in 8 o昀케ces, 1 o昀케ce certi昀椀ed
and 7 o昀케ces compliant
•
ISO 21500: applicable in 12 o昀케ces, 12 o昀케ces
compliant
•
ISO 14001: applicable in 21 o昀케ces, 5 o昀케ces
certi昀椀ed and 16 o昀케ces compliant
All applicable sites are sites providing services which are in scope of the
ISO certi昀椀cation within the reporting year.
DATA PROTECTION
TAX TRANSPARENCY
RWS is committed to being a responsible corporate
citizen within each jurisdiction in which it operates
and does not use 'tax haven' countries or other tax
avoidance arrangements as part of its tax planning. Visit
the Corporate Governance Report on page 74 for more
information.
RWS has adopted the EU GDPR and UK Data Protection
Act 2018 as its benchmark for data protection. We have a
comprehensive set of policies which re昀氀ect the applicable
privacy legislation and identify processes, procedures
and practices focused on the protection of personally
identi昀椀able information. RWS does not undertake detailed
pro昀椀ling of consumers on behalf of clients. Data provided
by clients is never sold or rented. As required to perform
the services, RWS will disclose data between a昀케liate
companies and approved third party subcontractors;
appropriate data processing agreements are in place to
govern these transfers. Visit page 68 of our 2023 ESG
Report to learn more about our data protection policies.
STRATEGIC REPORT
RWS Holdings plc — Annual Report 2023
35
