Priority Technology Holdings, Inc. - (PRTH)
10-K Filing Date: March 12, 2024
Item 1C. Cybersecurity
Risk management and strategy
We recognize the importance of maintaining the trust and confidence of the customers we serve, our business partners, employees and our stockholders and are committed to protecting the confidentiality, integrity and reliance of our business operations and systems. Effective data protection and cyber security practices, including responsible stewardship of our intellectual property and the secure processing, storage, maintenance and transmission of critical information by us and other third parties with whom we do business is vital to our operations. We have adopted policies and procedures with an intended design to identify, assess and manage risks associated with cybersecurity threats.
•We perform risk assessments periodically at both an enterprise level and system level in addition to assessments performed by third parties;
•Our information security team performs threat monitoring services;
•Our Internal Audit function performs annual reviews of selected systems and applications to test certain controls;
•Independent consultants and auditors evaluate selected systems and applications on an annual basis;
•We perform risk assessments of third-party vendors and perform ongoing risk-based monitoring of those third parties; and
•We maintain a business continuity plan for execution in the event of a cybersecurity incident.
We have not experienced any material cybersecurity incidents in the past calendar years and the expenses we have incurred from cybersecurity incidents during that time were immaterial. We have not identified risks from known cybersecurity threats that have materially affected us, including our operations, business strategy, results of operations or financial condition.
Governance
Our Board considers cybersecurity risk as part of its risk oversight function. The Board oversees the Company’s overall risk framework including management’s implementation of our cybersecurity risk management program. The Board receives reports from the Chief Risk Officer on a regular basis on cybersecurity and information technology risk management.
Our Company’s cybersecurity team, overseen by our Chief Information Security Officer (“CISO”) is responsible for assessing and managing our risks from cybersecurity threats, including defining our security policy and furnishing related information for Board reporting. The CISO approves all security policies and oversees the identification, assessment, and management of security risks. The CISO regularly reports to management’s SOX Committee which may elevate cybersecurity issues to the Board at any time.