Red Violet, Inc. 10-K Cybersecurity GRC - 2024-03-07

Page last updated on July 16, 2024

Red Violet, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 16:55:30 EST.

Filings

10-K filed on 2024-03-07

Red Violet, Inc. filed a 10-K at 2024-03-07 16:55:30 EST
Accession Number: 0000950170-24-028115

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity . Risk Management and Strategy We have implemented and maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of our critical systems and information, as well as to identify, assess, manage, mitigate, and respond to cybersecurity threats. Our systems and processes are assessed by independent third parties for compliance with: the International Standard Organization (“ISO”) 27001; System and Organization Controls (“SOC”) 2, Type 2; and Payment Card Industry Data Security Standards (“PCI DSS”) Level 1. Our information security program includes the following key elements to help identify, manage, mitigate, and respond to cybersecurity threats: - Risk assessments -We conduct risk assessments designed to help identify material cybersecurity risks, quantify the impact and probability of each risk, develop mitigating controls, and periodically reassess previously identified risks. - Testing -We conduct regular testing of our systems and controls to help identify and address potential vulnerabilities. - Technical safeguards -We utilize various technical safeguards to help protect our information systems from cybersecurity threats. We regularly review our technical safeguards and update them in accordance with recognized best practices and standards. - Business continuity and disaster recovery planning -We maintain business continuity and disaster recovery plans and periodically test those plans. - A cybersecurity incident response plan -We maintain a policy governing actions required for reporting and managing cybersecurity incidents. We have designated an Incident Response Team with clearly defined roles and responsibilities for managing all material aspects of our reporting and response plan. - Employee training and awareness programs -We provide training to our employees to help identify, avoid, and mitigate cybersecurity threats. Our employees participate in annual training, including insider threat awareness, simulated phishing exercises, and other awareness training. - Third-party risk management -We maintain a third-party risk management program that is designed to help identify, assess, manage, mitigate, and respond to risks associated with the Company’s suppliers and other third parties. 19 We regularly review our information security program and associated policies, making periodic updates as we deem necessary and appropriate in accordance with recognized best practices and standards. Governance Our information security program and cyber risk management program is managed by our Chief Information Officer (“CIO”) and a team of information security personnel reporting to the CIO. Our CIO brings over 30 years of experience in information technology and information security, working as an executive within data-driven companies for the last 20 years. Management holds monthly Information Security Management System (ISMS) meetings which include members of the executive management team as well as the CIO and other key individuals reporting to the CIO. Cybersecurity risks, threats, and vulnerabilities, as well as existing mitigating controls, are discussed in ISMS meetings. Our CIO also provides quarterly reports of our information security program, as well as any material cybersecurity risks, to the board of directors. The Company did not experience a material cybersecurity incident during the year ended December 31, 2023. However, the possibility of future cybersecurity incidents, as well as cybersecurity and technology risks more generally, could have a material adverse effect on the Company’s business, financial condition, results of operations, cash flows or reputation. See “Item 1A. Risk Factors - Cybersecurity and Technology Risks” for more information.

Company Information