ESG 23 Final Single pages - Flipbook - Page 67
TAX TRANSPARENCY
CYBER SECURITY
RWS manages its tax a昀昀airs responsibility and seeks to
build constructive relationships with all tax authorities.
Cyber security is the practice of defending computers,
services, mobile devices, electronic systems, networks
and data from unauthorised access. Cyber incidents have
been on the rise in recent years, driven by increased
connectivity, remote working, reliance on technology,
and automation. RWS understands that its cyber security
preparedness must continue to evolve to address the
changing risk.
During the year, the Board reviewed and approved the
Group’s Tax Strategy, with the Board and Audit Committee
receiving regular updates on tax matters.
The approach RWS has taken in relation to the
management of tax issues is to ensure that:
•
We comply with all applicable laws, disclosure requirements and regulations in the territories in which we do
business
•
We have an open and transparent working relationship
with the relevant tax authorities around the world
•
Where considered appropriate, the Group takes advice
from professional 昀椀rms
•
Tax risks are appropriately managed in accordance with
the tax strategy
•
Our tax planning is aligned with the Group’s commercial
and business activities and does not use 'tax haven'
countries or other tax avoidance arrangements as part
of its tax planning
As an employer of more than 7,900 colleagues across 33
countries and over 65 o昀케ces globally, RWS also makes
signi昀椀cant tax payments in respect of payroll taxes, valueadded taxes and business/premises taxes.
The strategic security posture for RWS is set by the
Information Security Steering Committee (ISSC), chaired
by the CIO. This group includes stakeholders from all
relevant business units to collaborate on continual
improvement of increasing awareness and supporting a
consistent risk-based approach to information security.
Furthermore, the ISSC provides oversight and governance
of information security risks.
The Information Security Management System (ISMS) is
the framework that underpins the globally recognised
ISO 27001:2013 certi昀椀cation. We hold this for our hosted
product solutions, Regulated Industries division, IP
Services division and their supporting services, people,
processes and technology. RWS also holds SOC2
certi昀椀cates for its Cloud Operations function. The ISMS
provides a robust baseline which gives RWS the agility
to further develop the controls needed to meet a variety
of sector speci昀椀c information security compliance
requirements, if identi昀椀ed as being in the business
interest. Our ongoing work to improve and expand the
scope of our certi昀椀ed ISMS ensures the implementation
and external validation of internationally recognised
information security controls which bene昀椀t both RWS and
our clients.
Acknowledging that security risks will always exist, our
organisation adheres to a suite of information security
policies which provide high level security guidance to all
RWS functions in several areas including, but not limited to
risk management; physical security; privacy, and incident
management. They set out our approach to supporting
business aims and objectives whilst ensuring a consistent
approach to the management of risk.
The analysis of security risks in accordance with these
approved policies and processes identi昀椀es threats,
considers the likelihood of the threat materialising and
assesses any potential impact on business objectives. This
structured approach informs decision makers and allows
them to identify whether mitigation is appropriate and if
so, what form it should take. This could, for example be to
implement technical controls or update processes which
reduce the risk to an acceptable level, or even to stop an
activity altogether. Selection of appropriate mitigating
measures or controls are informed by advice and
guidance from the security team but is the responsibility
of the asset/risk owner. If the owner of an asset is unable
to address the risk satisfactorily, it can be escalated to
FRAMEWORKS RWS Holdings plc — ESG Report 2023
67
