Raymond Chabot Grant Thornton has implemented governance policies and information security procedures that take into consideration the changes in cybersecurity best practices.
1. Trained experts. Raymond Chabot Grant Thornton has a dedicated IT security management staff with up-to-date security certifications. They continue their professional development on the latest cyber threats and mitigation solutions.
2. Standards and certificates. Raymond Chabot Grant Thornton’s information security management is in line with the best industry standards and practices, such as ISO 27001. The IT security program is reviewed monthly and adapted to counter security risks and mitigate threats.
3. Protected assets. The firm’s IT assets are protected against unauthorized access by robust means and the latest software. Additionally:
- Network perimeter protected by latest generation firewalls;
- An up-to-date antivirus is installed on the servers and workstations;
- An intrusion detection and incident response service is in place;
- Sensitive information is encrypted;
- Security patches are regularly deployed on workstations and servers;
- Critical computing resources and publicly accessible platforms (such as clientAccess) are protected by two-factor authentication;
- Our data centers have physical and logical access security measures in place;
- Logical access to enterprise systems and data is based on the principles of “least privilege” and “need to know”;
- Network access accounts are reviewed regularly.
4. Recurring tests. Raymond Chabot Grant Thornton conducts annual penetration tests to confirm our systems’ resistance to cyber attacks.
5. Employee professional development. A security awareness and training program is mandatory for all employees.
6. Partner security analysis. Our third-party and cloud vendors are subject to a detailed security analysis and risk assessment. Ongoing vendor security monitoring is performed for key external partners.
7. Security audit. In accordance with the bi-annual plan, Raymond Chabot Grant Thornton hires external auditors to perform a threat and risk analysis (TRA) of the IT environment. The TRA report is used to improve the firm’s security program.