EzFill Holdings Inc - (EZFL)

10-K Filing Date: April 01, 2024
Item 1C. Cybersecurity 

 

We have a range of security measures that are designed to protect against the unauthorized access to and misappropriation of our information, corruption of data, intentional or unintentional disclosure of confidential information, or disruption of operations. These security measures include controls, security processes and monitoring of our manufacturing systems. We have cloud security tools and governance processes designed to assess, identify and manage material risks from cybersecurity threats. In addition, we maintain an information security training program designed to address phishing and email security, password security, data handling security, cloud security, operational technology security processes, and cyber-incident response and reporting processes.

 

Our Company is committed to maintaining the highest standards of cybersecurity to protect our data, intellectual property, and customer information from cyber threats. As part of this commitment, we leverage a sophisticated cybersecurity framework that integrates the robust capabilities of the Microsoft cloud ecosystem with the specialized services of a leading third-party cybersecurity service provider.

 

The Microsoft cloud ecosystem, including Microsoft 365, Azure, SharePoint Online, Microsoft Defender, and Microsoft InTune, forms the backbone of our cybersecurity infrastructure. These platforms offer advanced security features such as data encryption in transit and at rest, network security controls, identity and access management, and threat protection capabilities. Microsoft’s constant investment in cybersecurity research and development ensures that we benefit from cutting-edge security technologies and practices.

 

27
 

 

In addition to utilizing the Microsoft cloud ecosystem, we have engaged a third-party service provider to enhance our cybersecurity posture further. This provider brings additional layers of security through services including:

 

Software Security Management: Ensuring that applications such as Office 365 and Azure are configured, maintained and following best security practices.
   
Security Monitoring and Consultation Services: Continuous monitoring of our systems for suspicious activities and providing expert consultation to address and mitigate potential threats.
   
Data Storage and Backup of Source Systems: Implementing robust data storage solutions and backup protocols to ensure data integrity and availability.
   
Security Policy Management: Developing and enforcing comprehensive security policies that govern all aspects of our cybersecurity efforts.
   
Threat Response Management: Rapid identification and response to security incidents to minimize impact.
   
Security Software Implementation: Deployment of state-of-the-art security software solutions that complement the security features of the Microsoft cloud ecosystem.

 

Our approach to cybersecurity is proactive and multifaceted, combining the scalability and reliability of the Microsoft cloud services with the agility and expertise of our third-party cybersecurity partner. Together, these resources form a comprehensive defense mechanism against a wide range of cyber threats, from phishing and malware attacks to sophisticated nation-state sponsored cyber-attacks. We continuously evaluate and adapt our cybersecurity strategy to respond to evolving threats and to align with best practices and regulatory requirements. Our commitment to cybersecurity is integral to our business operations, and we believe our strategic investments in this area significantly mitigate the risk of cybersecurity incidents that could impact our company’s reputation, financial position, or operational capabilities.

 

Governance

 

The management of the Company is responsible for overseeing risk for the Company and has delegated to the VP, Engineering & Technology (“VPE&T”) the responsibility for overseeing the cybersecurity risk management strategy for the Company. Management receives regular updates on our cybersecurity risk management process from the VPE&T. The VPE&T reviews our comprehensive cybersecurity framework, including reviewing our cybersecurity reporting protocol that provides for the notification, escalation and communication of significant cybersecurity events to the management team.

 

The Company’s cybersecurity program is overseen by our VPE&T, who is responsible for global information technology, including cybersecurity. Our VPE&T, is primarily responsible for assessing and managing material risks from cybersecurity threats, including monitoring the measures used for prevention, detection, mitigation and remediation of cybersecurity incidents. The information security organization is comprised of internal IBIO employees and external security suppliers who provide security monitoring and response.