KIDPIK CORP. - (PIK)
10-K Filing Date: April 10, 2024
The Company understands the importance of preventing, assessing, identifying, and managing material risks associated with cybersecurity threats. Cybersecurity processes to assess, identify and manage risks from cybersecurity threats have been incorporated as a part of the Company’s overall risk assessment process. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.
We have processes in place to identify, assess and monitor material risks from cybersecurity threats, including the material risks of the Company. These processes are part of our overall enterprise risk management process and have been embedded in our operating procedures, internal controls and information systems. On a regular basis we implement into our operations these cybersecurity processes, technologies, and controls to assess, identify, and manage material risks. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach including third party assessments, IT security, governance, risk and compliance reviews.
Incidents are evaluated to determine materiality as well as operational and business impact, and reviewed for privacy impact.
We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the headings “Disruptions in our data and information systems could harm our reputation and our ability to run our business” and “There may be losses or unauthorized access to or releases of confidential information, including personally identifiable information, that could subject the Company to significant reputational, financial, legal and operational consequences”, included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K.
Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management.
Our Chief Operating Officer is responsible for the oversight of risks from cybersecurity threats. The Board will receive information and updates periodically with respect to the effectiveness of our cybersecurity and information security framework, data privacy and risk management, which includes that of the Company. The Board will also be provided updates on any material incidents relating to information systems security and cybersecurity incidents.
As of and for the year ended December 30, 2023, there have been no cybersecurity incidents that have materially affected the Company’s business strategy, results of operations, or financial condition.
52 |