RWS Annual Report 2022 web - Flipbook - Page 35
MANAGING RISKS
CYBER SECURITY AND DATA PROTECTION
The Board routinely monitors risks that could materially
and adversely affect the Group’s ability to achieve
strategic goals, its financial condition and the results of
its operations. Eight of our 12 principal business risks
are relevant to ESG, and these are set out in the table on
the below. In addition to these known principal risks, we
continue to identify and analyse emerging ones including
those related to ESG, such as climate risks.
The strategic security posture for RWS is set by the
Information Security Steering Committee ("ISSC"), chaired
by the CIO who is the executive sponsor for security.
This group includes stakeholders from all divisions and
selected business units to collaborate on the continual
improvement of the Information Security Management
System ("ISMS") which also helps drive our integration
programme, increases awareness and supports a
consistent risk-based approach to information security.
Principal risk
Related ESG topic/sustainable
business priority
Loss of a key client
Community – on-time delivery, right
first time, innovating and inspiring
our clients
Geopolitical
Our people and communities –
potential to impact all – health,
safety and well-being of our people
and communities
Failure to attract,
engage, retain and
develop key talent
Our people – inspiring, rewarding
and supporting our people
Cyber security
Governance – treating data with
care and due diligence
Community – potential to impact all
Failure of a businesscritical partner, JV
relationship, supplier or
national infrastructure
RWS continues to expand its Information Security
Management System (ISMS) which is the framework
that underpins the globally recognised ISO 27001:2013
certification. We hold this for our hosted product
solutions, Regulated Industries division, IP Services
division and their supporting services, people, processes
and technology. RWS also holds SOC2 certificates for its
Cloud Operations and Language Services functions. The
ISMS provides a robust baseline which gives RWS the
agility to develop further the controls necessary to meet a
variety of sector specific information security compliance
requirements if identified as being in the business
interest.
FY22 investor and other recognition
New technology
Governance – harness innovation
and efficiencies
Legislative/regulatory
risk
Governance – potential to impact all
During FY22
the Group had:
Climate change and
natural disasters
Environment – potential to impact
all – well-being of our people and
communities
•
ISO 9001: applicable in 49 offices, 40 offices certified and
9 offices compliant
•
ISO 17100: applicable in 45 offices, 36 offices certified
and 9 offices compliant
•
ISO 18587: applicable in 43 offices, 34 offices certified
and 9 offices compliant
•
ISO 27001: applicable in 17 offices, 8 offices certified and
9 offices compliant
•
ISO 13485: applicable in 10 offices, 1 office certified and
9 offices compliant
•
•
ISO 21500: applicable in 13 offices, 13 offices compliant
TAX TRANSPARENCY
RWS manages its tax affairs responsibility and seeks to build
constructive relationships with all tax authorities. During
the year, the Board reviewed and approved the Group’s
Tax Strategy, with the CFO providing regular updates to
the Board on tax matters. The approach RWS has taken in
relation to the management of tax issues is to ensure that:
•
We comply with all applicable laws, disclosure
requirements and regulations in the territories in which we
do business
•
We have an open and transparent working relationship
with the relevant tax authorities around the world
•
Where considered appropriate, the Group takes advice
from professional firms
•
Tax risks are appropriately managed in accordance with
the tax strategy
•
Our tax planning is aligned with the Group’s commercial
and business activities and does not use 'tax haven'
countries or other tax avoidance arrangements as part of
its tax planning
ISO 14001: 5 offices certified and 5 offices compliant
*Applicable sites are sites providing services which are in scope of the ISO
certification within the reporting year.
STRATEGIC REPORT RWS — Annual Report 2022
35
