Security at RWS
At RWS we understand that information security is important to our customers. As a global organisation, we have adopted the ISO 27001 framework to provide structure to our information security management system (ISMS).
Using this widely accepted and industry recognised framework provides RWS with a robust baseline from which to meet customer requirements. This approach has enabled us to achieve ISO27001:2013 certification for many of our products, services and supporting people, processes and technology. Further details can be found on our current ISO27001 certificate.
On this page we have added some of our high-level information security policies in addition to product specific security related documentation. If you have any further information security related queries, please contact us.
FAQs
Please describe your initial selection and risk assessment process for suppliers/ vendors.
Does RWS have a Supplier management program for security?
Describe how you identify and manage the information security vulnerabilities in your IT systems, including change management processes.
Describe how you secure applications through the system development lifecycle including how you develop and test changes to applications.
Do you use a tool to track incidents, changes and problems?
Does RWS have an Acceptable Use Policy?
What is the retention policy for customer data?
Is there an Asset Management process?
Is there a Patch Management process?
Is there a Change Management process?
Has RWS implemented a formalized approval process for logical access requests based on the principles of least privilege?
Is there a risk assessment program that has been approved by management, communicated to relevant employees and an owner appointed to maintain the program?
Describe the key elements of the RWS security risk management program
Does RWS consider Data Privacy?
Does RWS have ISO 27001 certification?
Does RWS have SOC 2 type II attestation
Is an established, published, and annually approved security program in place?
Does RWS have a dedicated information security owner and/or team responsible for information security?
Is there an information security policy which has been approved by management, communicated to all personnell?
Please list your information security policies. Are such policies reviewed and updated regularly, and accessible to all RWS personnel?
Our policies are reviewed at least annually. Internal documents may be viewed on site or remotely viewed by the client during an audit under NDA / MNDA.
RWS Group ISMS Information Security Policy
RWS Group Information Security Policy
RWS Group Security Risk Management Policy (Internal)
RWS Group Security Testing Policy (Internal)
RWS Group Logical Access Policy (Internal)
RWS Group Business Continuity Policy (Internal)
RWS Group Global Classification & Handling Policy (Internal)
RWS Group Information Security Incident Management Policy (Internal)
RWS Group Physical Security Policy (Internal)
RWS Group Privacy Policy (Internal)
RWS Group IT System Policy (Internal)
RWS Group Cryptographic Controls Policy (Internal)
RWS Group Supplier Security Management Policy (Internal)
RWS Group Secure Software Development Policy (Internal)
RWS Group ISMS Acceptable Use Policy (Internal)
RWS Group ISMS Security Exceptions Policy (Internal)
Our policies are published on the corporate Intranet and available to all RWS employees, policies are regularly communicated to RWS employees via mandatory security & privacy awareness and training.