Technology

PwC maintains various types of technology assets to provide automation to improve processes, strengthen controls, and enable the business and client delivery teams. To protect these assets, baseline security configuration standards are important for the implementation of network devices, databases, servers, user endpoints, mobility devices and cloud computing.

The PwC Information Security Policy (ISP) has been developed to ensure the confidentiality, integrity, and availability of the information and technology assets (e.g., IT applications, systems, and facilities) used by the member firms and is aligned to ISO/IEC 27002:2013 Information technology - Security techniques Code of Practice for Information Security Management industry standard.

PwC has established processes and procedures for performing periodic vulnerability scans of IT systems. These procedures specify the use of multiple vulnerability scanning software packages, the creation of vulnerability assessment reports, and the presentation of vulnerability scanning results to the IT operations organization.

Additionally, PwC has established Information Protection Principles that are designed to meet the requirements of applicable laws and regulations involving data protection. These Principles address information handling requirements throughout the information lifecycle. PwC is bound by the AICPA Code of Conduct, which imposes client confidentiality requirements on all accounting firms. In addition, our internal Global Code of Conduct states the following:

“We respect the confidentiality and privacy of our clients, our people and others with whom we do business. We comply with applicable laws, regulations and professional standards in order to maintain the appropriate degree of confidentiality and privacy.”