PERFICIENT INC - (PRFT)
10-K Filing Date: February 27, 2024
Item 1C.Cybersecurity.
Risk Management & Strategy
Perficient proactively manages its cybersecurity and data privacy risks with organizational and technical controls including a comprehensive set of policies, procedures, required annual and role-based training, cybersecurity insurance, security assessments for vendors with access to Perficient and/or Perficient client networks, and use of technology such as Multi-Factor Authentication (the “Program”). Perficient regularly tests and validates its Program using internal resources, external auditors, and rigorous industry certifications. After maintaining a Systems and Organization Controls 2 (SOC2) certification, Perficient achieved its global ISO27001:2022 certification, an international standard for information security management systems, in October 2023.
The Program is supported by a cross-functional team which identifies, assesses, monitors, tracks and pro-actively mitigates general and company specific risks, including those related to business continuity and third parties.
Perficient’s Information Technology, Data Security, Data Privacy, Finance and Communications teams conduct annual tabletop exercises in which various levels of management participate in simulated data security/privacy scenarios that Perficient, its clients and/or its personnel may face in the future. Perficient engages external resources to refresh the subject matter of these exercises and to continually challenge Perficient’s management in these exercises. Annual formal training using an online platform is required for all Perficient employees and subcontractors. Topics include how to identify suspicious activities and occurrences related to social engineering, phishing, viruses, and insider threats. Certain employees complete additional role-based training. Perficient’s formal training is supplemented throughout the year by regular “Securing Perficient” emails which reinforce relevant cybersecurity policies and procedures and cover topics such as emerging cybersecurity risks.
Perficient’s senior management are members of the Security and Compliance Executive Committee (“SCEC”) which meets at least semi-annually to review Perficient’s current cybersecurity risks, the effectiveness of current controls, policies and training. Any security-related policy violations or incidents involving Perficient or client data would be included in the SCEC briefing. Perficient senior management also regularly considers the impact of cybersecurity risks when developing its business strategy, financial planning, and capital allocation. Perficient is not aware of any current or past cyber related risks which have or are reasonably likely to materially affect its strategy, operations, or financial condition.
Governance
Perficient’s Vice President of Information Technology and General Counsel are active members of the cross-functional team managing the Program. Perficient’s Vice President of Information Technology is responsible for Perficient’s internally facing technology solutions, infrastructure, and data security team. He has served in similar leadership roles prior to joining Perficient. Perficient’s General Counsel is responsible for Perficient’s legal and privacy teams. He has over 10 years of experience in the technology sector which includes substantial experience in cybersecurity-related matters. These members of Perficient’s senior management team oversee day to day risk management activities performed by the Company’s IT Infrastructure, Data Security, and Data Privacy colleagues and participate in annual simulated data security/privacy exercises. The VP of Information Technology and General Counsel also regularly brief other members of the Company’s senior management team and the Board, either as a whole or through its Audit Committee, which is charged with oversight of the Program. These briefings occur at least quarterly and address the Program’s operations, management of cybersecurity risks, and any potential impact on Perficient’s operations and financial stability.