ENGLOBAL CORP - (ENG)
10-K Filing Date: March 29, 2024
Risk Management and Strategy
Securing our business information, intellectual property, customer and employee data and technology systems is essential for the continuity of our business, meeting applicable regulatory requirements and maintaining the trust of our stockholders. Cybersecurity is an important and integrated part of our enterprise risk management function that identifies, monitors and mitigates business, operational and legal risks.
To help protect us from a major cybersecurity incident that could have a material impact on operations or our financial results, we have implemented policies and controls, including investments in technology tools that focus on cybersecurity incident prevention, identification and mitigation. The steps we have taken to reduce our vulnerability to cyberattacks and to mitigate impacts from cybersecurity incidents include, but are not limited to: software tools to collect, aggregate, and analyze volumes of data from an organization’s applications, devices, servers, and users in real time so security teams can detect and block attacks; establishing information security policies and standards; implementing information protection processes and technologies; and monitoring our information technology systems for cybersecurity threats. We engage a consulting firm on an annual basis to help us test the effectiveness of our internal controls over financial reporting, which includes general controls related to IT. We are currently working with them to update our control environment to include key controls designed to reduce the risks of cybersecurity threats. We also require third-party service providers to provide an annual SOC-1 report, which includes, among other assurances, that controls are in place to maintain the confidentiality and privacy of the information processed by the service organization. In addition, we annually purchase a cybersecurity risk insurance policy that would help defray the costs associated with a covered cybersecurity incident if it occurred.
Governance
Our Board of Directors is actively engaged in overseeing and reviewing our strategic direction and objectives of the Company, taking into account our risk profile and related exposures, including oversight of risks from cybersecurity threats. As part of this oversight function and the recognition of the increasing exposure of cybersecurity threats, the Company is in the process of working with the Board on measures to strengthen our cybersecurity program and establishing a more formal process to evaluate and enhance the effectiveness of our cybersecurity policies and procedures. Our management team is responsible for managing risk and bringing to the Board’s attention any material near-term and long-term risks to the Company, including risks from cybersecurity threats.
Our cybersecurity risk management team is comprised of technically skilled IT professionals with experience in preventing, detecting, mitigating and remediating cybersecurity incidents and testing cybersecurity processes under the leadership of our IT Director, who reports to our Chief Executive Officer. The team works in close coordination with the Chief Financial Officer and Chief Executive Officer on cybersecurity risk management matters. Our IT Director has over 20 years of experience in cybersecurity, data security, IT infrastructure and cloud services. He holds a Bachelor’s Degree of Commerce from the University of Karachi.
We have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect our operations, business strategy, regulatory compliance, results of operations, or financial condition.