Forian Inc. - (FORA)

10-K Filing Date: March 29, 2024
Item 1C.
Cybersecurity

We believe that a strong cybersecurity program is vital to effective cybersecurity risk management. Since our formation, we have prioritized the implementation and maintenance of robust cybersecurity measures to help safeguard sensitive information and our business operations and to protect the confidentiality, integrity and availability of our information systems and the nonpublic information transmitted, processed and stored on our systems or those of third-party service providers.
 
Our Board of Directors is responsible for overseeing our cybersecurity program and includes members with diverse skills and experience, including risk management, technology and finance, which the Board considers to be helpful in overseeing cybersecurity risks. Our Board of Directors regularly assesses material developments with respect to the risks from cybersecurity threats in connection with its evaluation of our business operations on a quarterly basis. Our Board of Directors has established oversight mechanisms that are intended to promote effective governance in managing risks associated with cybersecurity threats in recognition of the significance these threats present to our operational integrity and the information stored on our and our third-party providers’ information systems.
 
Our Vice President of Data and Process Enablement provides management with information regarding our cybersecurity program and potential cybersecurity threats or incidents, which information is then provided to our Board of Directors as required. In addition, our Vice President of Data and Process Enablement is empowered to escalate material cybersecurity threats or incidents and strategic risk management decisions to the Board of Directors so that they can provide appropriate oversight and guidance on these critical cybersecurity issues within the context of our overall strategic objectives and business operations.
 
21

Our management team is responsible for ensuring that we have appropriate policies and procedures in place to help identify, measure, monitor and control potentially significant business risks. In connection with these responsibilities, our management team meets regularly to assess our information technology policies and review the architecture of our information system infrastructure in the management of cybersecurity related risks to our business.
 
Our management works closely with their information technology and security counterparts to evaluate and address cybersecurity threats in alignment with our business objectives and operational needs. We also maintain an enterprise-wide information systems security program that applies to all employees. All employees are expected to assist in safeguarding our information systems and to assist in the discovery and reporting of cybersecurity incidents. This program is intended to identify and assess internal and external cyber and information security risks that may threaten the security or integrity of nonpublic information stored on our and our third-party providers’ information systems from unauthorized access, use or other malicious acts.
 
Additionally, our Vice President of Data and Process Enablement plays an important role in the prevention, detection, mitigation, and remediation of cybersecurity incidents and in informing management and our Board of Directors on cybersecurity risks and issues. Regular annual assessments include the evaluation of (a) the confidentiality of nonpublic information and the integrity and security of our information systems; (b) cybersecurity policies and procedures; (c) material cybersecurity risks; (d) the effectiveness of our cybersecurity program; and (e) any material cybersecurity incidents.
 
We regularly engage with a range of external experts, including cybersecurity assessors, risk management professionals and other consultants, in evaluating and testing our risk management systems given the complexity and evolving nature of cybersecurity threats. These engagements enable us to leverage specialized knowledge and insights and assist with our goal of maintaining cybersecurity strategies and processes that are consistent with industry best practices.
 
We are aware of the risks associated with third-party service providers and have implemented policies and processes to oversee and assist with managing these risks. Our management team evaluates third-party providers before engagement and monitors these providers on an ongoing basis commensurate with the level of risk and complexity of the relationship with, and the activities performed by, such providers. This approach is designed to help identify and mitigate risks related to data breaches or other cybersecurity incidents originating from third-parties in order to better protect our assets and data.
 
We have not encountered cybersecurity threats or incidents that have materially and adversely affected, or are reasonably likely to materially and adversely affect, our business strategy, results of operations or financial condition. Notwithstanding the defensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While we maintain cybersecurity insurance, the costs related to cybersecurity threats, incidents or disruptions may not be fully insured. For more information regarding the risks we face from cybersecurity threats, see Part I, Item 1A, “Risk FactorsSecurity breaches and unauthorized use of our systems and information could expose us, our customers, our data suppliers or others to risk of loss.”
 

© 2024 Material-Incidents. All rights reserved.