Page last updated on July 16, 2024
EVERBRIDGE, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 08:43:56 EST.
Filings
10-K filed on 2024-02-27
EVERBRIDGE, INC. filed a 10-K at 2024-02-27 08:43:56 EST
Accession Number: 0000950170-24-020652
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cyber security. Risk Management and Strategy We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical systems, information and other information technology assets (including those of third parties upon which we rely). The information security function is overseen by our Chief Information Security Officer (“CISO”) and is supported by the Information Security and Privacy Committee (“ISPC”), which is made up of members of our executive management team including our Chief Legal & Compliance Officer and Chief Information Officer (“CIO”). The information security function works to identify and assess risks from cybersecurity threats by monitoring and evaluating internal and external cybersecurity threats including, for example using automated and manual tools and controls in certain environments and systems, overseeing internal and external audits, conducting vulnerability assessments and penetration tests in certain environments and systems, and facilitating tabletop incident response exercises. Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, cybersecurity risk is addressed as a component of the Company’s enterprise risk management program. Depending on the environment and system, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our critical systems, information and assets, including, for example: incident response plan and incident response policy, systems monitoring, vulnerability management policy, third party management program, failover and contingency plans, employee training, cybersecurity insurance, encryption of certain data, dedicated cybersecurity staff, network security controls and data segregation for certain environments and systems, physical security controls, and certain cloud security posture management processes. We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example professional services firms (such as outside legal counsel), penetration testing firms, threat intelligence service providers, forensic investigators, and cybersecurity software providers. We use third-party service providers to perform a variety of functions throughout our business, such as application providers, hosting companies, and other vendors that help us provide critical business services. We have a risk management process to manage cybersecurity risks associated with our use of certain of these third-party providers. Depending on the nature of the services provided, the sensitivity of the critical systems, information and assets at issue, and the identity of the provider, our third-party risk management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider, including, for example, risk assessments that include a review of security risk and questionnaires. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including “Risks Related to Cybersecurity and Reliability.” 70 Governance Our Board addresses the Company’s cybersecurity risk management as part of its general oversight function. Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our CISO, who has over 20 years of information security experience; our CIO, who has over 20 years of experience in information technology and cybersecurity; our Deputy CISO who has over 20 years of experience in the information technology and cybersecurity industry; and our Chief Legal & Compliance Officer, who has served as chief legal and compliance officer of various companies for the past five years. Our CISO, who reports to the CIO, is responsible for hiring appropriate personnel, approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports. Our cybersecurity incident response and vulnerability management policies are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including the CIO, Chief Legal & Compliance Officer, and others, who help the Company mitigate and remediate cybersecurity incidents of which they are notified and who may further notify the Board in accordance with such policies. Our CIO, CISO, and Chief Legal & Compliance Officer report quarterly to the ISPC and the Board concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them.
Company Information
Name | EVERBRIDGE, INC. |
CIK | 0001437352 |
SIC Description | Services-Prepackaged Software |
Ticker | EVBG - Nasdaq |
Website | |
Category | Large accelerated filer |
Fiscal Year End | December 30 |