CarParts.com, Inc. - (PRTS)
10-K Filing Date: March 07, 2024
Risk Management and Strategy
Because it is essential to our operations and business strategy that our website, app, technology and network infrastructure remain secure, we have processes in place for assessing, identifying, and managing material risks from cybersecurity threats. We have integrated these processes into our cybersecurity risk management program.
The key processes, or components, of our cybersecurity risk management include:
● | conducting periodic risk assessments to assist in identifying cybersecurity threats or risks; |
● | cybersecurity strategic roadmap; |
● | security and IT infrastructure management team, responsible for managing our cybersecurity processes, implementing security applications and protocols, monitoring and executing security or network controls, and responding to incidents or threats; |
● | cybersecurity training programs and cybersecurity awareness event for employees; |
● | incident response plan, including assessing and monitoring potential cyber threats; |
● | similar processes or applications to mitigate or manage cybersecurity risk from third-party service providers; |
We sometimes engage external cybersecurity experts, or applications, to enhance our cybersecurity program. These serve to assist our internal cybersecurity team in mitigating cyber threats, in addition to monitoring and responding to potential cyber incidents.
As previously disclosed, in June 2020, we were the subject of a ransomware attack on our network that briefly disrupted access to some of our systems. Although we did not pay the ransomware and did not incur any fines or settlements, we did incur out of pocket expenses costs related to this incident of $100,000. We have not encountered any other cybersecurity challenges that have materially impaired our operations or business.
Additional information regarding risks from cybersecurity threats is discussed in Part I, Item IA, “Risk Factors,” under the heading “Security threats, such as ransomware attacks, to our IT infrastructure could expose us to liability, and damage our reputation and business,” which should be read in conjunction with the information herein.
Governance
Cybersecurity risk management is an important priority integrated into our overall governance structure. Our Board of Directors oversees risks from cybersecurity threats and includes the involvement of the Audit Committee in the governance strategy.
Our IT security management team, led by our Chief Technology Officer, reports quarterly in meetings to our Audit Committee and periodically to our Board of Directors regarding updates to our cybersecurity program and related risks. We have a cybersecurity expert on the Board of Directors and its Audit Committee to provide expanded expertise and oversight on our cybersecurity processes and systems. Topics in the meetings include discussion of the company-wide cybersecurity strategic roadmap and risks, protocols to mitigate such rusks, and the progress of initiatives in the cybersecurity program. Specific cybersecurity briefing areas may include topics such as security, infrastructure,
28