Page last updated on July 16, 2024
GoodRx Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 14:04:01 EST.
Filings
10-K filed on 2024-02-29
GoodRx Holdings, Inc. filed a 10-K at 2024-02-29 14:04:01 EST
Accession Number: 0001809519-24-000032
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have established and implemented a cybersecurity risk management program and information privacy program (collectively, our “Cybersecurity and Privacy Programs”) that are collectively intended to protect the confidentiality, integrity, and availability of our critical information systems and the information residing therein. These programs are integrated into, and form a part of, our overall enterprise risk management program, and share similar methodologies, reporting channels and governance processes to those that apply across the broader enterprise risk management framework. Our Cybersecurity and Privacy Programs include: - Teams responsible for managing security and privacy controls, risk assessments, and responding to cybersecurity incidents; - Security and privacy awareness training of our employees; - Privacy and security risk assessments designed to identify material privacy and/or cybersecurity risks to our systems, processes, and assets; - The use of external service providers to assist with privacy and security controls, including vulnerability management; - An incident response plan with trained personnel and personnel that are trained to execute the plan; and, - A third-party risk management process for service providers and vendors. We are subject to an evolving threat landscape that could pose various risks to our business, and such risks are regularly evaluated and managed via our Cybersecurity and Privacy Programs by internal and external experts. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For more information regarding risks related to cybersecurity matters, please see Part I, Item 1A, “Risk Factors-We depend on our information technology systems, and those of our third-party vendors, contractors and consultants, and any failure or significant disruptions of these systems, security breaches or loss of data could materially adversely affect our business, financial condition and results of operations.” Cybersecurity Governance Our Board and its committees have an active role in overseeing risk management and they have delegated to the Compliance Committee oversight over our cybersecurity and data privacy risks. The Compliance Committee oversees management’s implementation of our Cybersecurity and Privacy Programs, except to the extent direct oversight by the Board is required by the FTC Order. The Compliance Committee receives periodic reports from management regarding cybersecurity and privacy risks, any material updates thereto and a summary of any cybersecurity and/or privacy events or incidents that have occurred, in each case, since the most recent update provided to the Compliance Committee. The Compliance Committee reports to the full Board regarding its activities, including those related to cybersecurity and privacy. In addition, at least once every twelve months and promptly after the occurrence of certain specified cybersecurity/data privacy incidents, the Board and our Interim Chief Executive Officer receive the written Cybersecurity and Privacy Program materials, which include the results of the most recent cybersecurity and privacy risk assessment and any evaluations thereof or updates thereto (collectively, the “Reporting Materials”). On an annual basis, management also leads the Board through a comprehensive review of the Reporting Materials, including, among other things, a review of the identified material cybersecurity and privacy risk exposures and the safeguards implemented to control such risk exposures. Our Security Team is responsible for assessing and managing our material risks from cybersecurity threats and is primarily responsible for our overall Cybersecurity and Privacy Programs and collaborates with other employees and third parties to identify and mitigate applicable risks. The Security Team’s experience includes various industry certifications (e.g., CISSP, CISM, CCSP, CISA, etc.), and industry experience (e.g., healthcare, technology, critical infrastructure, etc.). Under the Cybersecurity and Privacy Programs, our Security Team monitors, prevents, detects, mitigates, and remediates cybersecurity risks and incidents via various means, including monitoring threat intelligence from various sources, internal and external vulnerability management, and alerts and reports produced by security tools. Reporting of such risks is regularly provided to the Board and the Compliance Committee, as applicable.
Company Information
Name | GoodRx Holdings, Inc. |
CIK | 0001809519 |
SIC Description | Services-Computer Processing & Data Preparation |
Ticker | GDRX - Nasdaq |
Website | |
Category | Accelerated filer |
Fiscal Year End | December 30 |