Rekor Systems, Inc. - (REKR)
10-K Filing Date: March 25, 2024
Rekor recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data and our exposure management solutions. Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. We implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our information systems and data depending on the environment.
We have an established policy on information security, as well as overall corporate information, workforce and workplace standards policies. These are collectively designed to establish auditable procedures for information security oversight by management, including: 1) identification of different types and forms of information, 2) guidelines for acceptable use and dissemination of information, 3) handling use and destruction of information, 4) personnel and physical site security, 5) incident reporting and response, 6) recovery plans, and 7) standards for web-based applications, communications and mobile devices. Three levels of security procedures have been identified as relating to the sensitivity of the information we manage in connection with different operations. Our policies call for the individuals assigned to these procedures to review and certify them annually and to recommend changes where appropriate. All breaches are required to be reported to senior management and the Board, together with a report on response and recovery, as well as recommendations to address further challenges.
Our information security procedures are overseen by our Chief Information Security Officer, supported by our Chief Technology Officer and our IT Manager, who are responsible to provide regular reports to our Chief Executive Officer and Chief Financial Officer as well as the technology and social responsibility committee and the governance committee of our Board. These procedures are responsible for identifying, assessing, and managing cybersecurity threats and risks and work to monitor and evaluate our threat environment and risk profile using various methods. These methods include evaluating our and our industry’s risk profile, coordinating with law enforcement concerning select threats, and engaging with third parties to conduct external audits and threat assessments for certain systems.
Our Information Security Policy and procedures are reviewed on an ongoing basis. These procedures are implemented by our Chief Information Security Officer, assisted by Managed Service Provider (“MSP”). Our MSP has over 15 years of experience and possesses various cybersecurity certifications. Third-party service providers can assist us from time to time in identifying, assessing, and managing material risks from cybersecurity threats, including for example cybersecurity consultants and software providers, managed cybersecurity service providers, threat intelligence service providers, forensic investigators, penetration testing firms, dark web monitoring services, and professional services firms, including legal counsel and auditors. By partnering with these specialized providers, we can leverage their insights and expertise to implement cybersecurity strategies and processes that are designed to align with industry best practices.
Our senior management evaluates material risks from cybersecurity threats against our overall business objectives and this evaluation and the management of material risks from cybersecurity threats is integrated into our overall risk management processes. This integration is designed to ensure that cybersecurity considerations are part of our decision-making processes. In addition, the Board’s Technology and Social Responsibility Committee includes a member who has had extensive experience in cybersecurity, including in particular cybersecurity standards for smart city transportation systems.
See Risk Factors in this Annual Report on Form 10-K for a description of the risks from cybersecurity threats that may materially affect us and how they may do so.