Item1C.

Cybersecurity

 

We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program is integrated within the Company’s enterprise risk management system and addresses both the corporate information technology environment and customer-facing products.

 

The underlying controls and processes of our cyber risk management program are consistent with recognized practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework and the International Organization Standardization 27001 Information Security Management System Requirements.

 

We utilize third-party software to provide continuous monitoring of our infrastructure and to coordinate the investigation and remediation of alerts. A program for staging incident response drills is intended to prepare support teams in the event of a significant incident.

 

Cyber partners are also a key part of our cybersecurity infrastructure. We partner with leading cybersecurity companies and organizations, leveraging third-party technology and expertise. We engage periodically with these partners to monitor and maintain the performance and effectiveness of cybersecurity products and services that are deployed in our environment.

 

The Chief Financial Officer, who is responsible for assessing and managing our cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The Chief Financial Officer has experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants.

 

 

The Audit Committee of the Board of Directors oversees cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee on the effectiveness of our cyber risk management program, typically on a quarterly basis. In addition, cybersecurity risks are reviewed by the Board of Directors, at least annually, as part of the Company’s corporate risk mapping exercise.

 

We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We have experienced, and will continue to experience, cyber incidents in the normal course of our business. However, prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations, or cash flows. See “Risk Factors – Risks Relating to Our Business – We may have risks associated with security of our information technology systems”.

 

Back SEC Filing Thank you for subscribing