FRANKLIN FINANCIAL SERVICES CORP /PA/ 10-K Cybersecurity GRC - 2024-03-11

Page last updated on July 16, 2024

FRANKLIN FINANCIAL SERVICES CORP /PA/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-11 17:26:48 EDT.

Filings

10-K filed on 2024-03-11

FRANKLIN FINANCIAL SERVICES CORP /PA/ filed a 10-K at 2024-03-11 17:26:48 EDT
Accession Number: 0000723646-24-000016

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Corporation has developed an information security program to assess, identify, and monitor cybersecurity risks. The Corporation regularly assesses cybersecurity risks arising from the operating environment and attempts to identify the likelihood and severity of the risk and the possible impact of the risk on the Corporation, its customers, and employees. The Corporation conducts periodic testing of software, hardware, defensive capabilities, and other information security systems utilizing both internal processes and third-party consultants. Testing procedures are supplemented by regular cyber threat exercises and employee training. Threat simulation exercises are used to develop and refine the Corporation’s incident response plans and employees undergo cybersecurity awareness training on a regular basis. The Corporation also addresses cyber risks posed by its relationships with third-party vendors. The Corporation assesses vendor risk as a part of its vendor management process, which requires a pre-acquisition diligence review, including the review of the vendor’s information security policy for all vendors determined to be a “critical vendor”. The vendor management process also requires a review of all critical vendors annually and all critical vendors are reported to the Board of Directors. The Corporation’s information security program is led by the Chief Technology Officer in conjunction with the Chief Risk Office and the Executive Enterprise Risk Management Committee. The Board Enterprise Risk Management Committee is responsible for oversight of the Corporation’s cybersecurity and information security program and regularly reviews and evaluates information security and cybersecurity risks provided by management. To date, risks from cybersecurity threats or incidents have not materially affected the Corporation. However, the sophistication of and risks from cybersecurity threats and incidents continues to increase, and the preventative actions the Corporation has taken and continues to take to reduce the risk of cybersecurity threats and incidents and protect its systems and information may not successfully protect against all cybersecurity threats and incidents. For more information on how cybersecurity risk could materially affect the Company’s business strategy, results of operations, or financial condition, please refer to Item 1A Risk Factors.


Company Information

NameFRANKLIN FINANCIAL SERVICES CORP /PA/
CIK0000723646
SIC DescriptionState Commercial Banks
TickerFRAF - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30