CHOICEONE FINANCIAL SERVICES INC 10-K Cybersecurity GRC - 2024-03-13

Page last updated on July 16, 2024

CHOICEONE FINANCIAL SERVICES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 16:05:56 EDT.

Filings

10-K filed on 2024-03-13

CHOICEONE FINANCIAL SERVICES INC filed a 10-K at 2024-03-13 16:05:56 EDT
Accession Number: 0000950170-24-030747

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Our bank faces various cybersecurity threats, including unauthorized access, malware, and phishing attacks. These threats could compromise the security of our information systems and the data we store and process. While we have experienced, and expect to continue to experience, cybersecurity threats, we have not experienced a material cybersecurity incident in the three year period ended December 31, 2023. The potential consequences of a material cybersecurity incident could include reputational damage, litigation with 16 third parties, regulatory criticism or proceedings and increased cybersecurity protection and remediation costs, which in turn could materially adversely affect our results of operations. We have established an information security third party risk management program to identify and manage these risks. This program includes regular risk assessments, third party risk provider reviews, and implementation of security measures such as encryption and firewalls, and ongoing monitoring of our systems for potential threats. We also engage with industry consultants to assist with our risk assessments. On a regular basis, the technology steering committee, led by management, receives comprehensive reports summarizing cybersecurity threat monitoring and incident management activities. These reports also include details about remediation efforts to address identified threats and incidents. Additionally, both internal and external assessments of our company’s cybersecurity threat monitoring capabilities are shared with the committee. Meeting minutes from these committee sessions are diligently maintained and provided to the Board of Directors. The Board of Directors has responsibility for approving and overseeing management’s policies related to information system security and cybersecurity threats and incidents. They also supervise management’s overall approach to securing the company’s information systems. The Board of Directors delegates the oversight of cybersecurity risk management to the Information Technology Committee of the Board. The Information Technology Committee, in turn, reviews reports on our cybersecurity risk management processes. These reports cover assessments of management’s handling of cybersecurity threats and incident management functions. The committee receives periodic updates from the chief information officer, including information on social engineering risks, the effectiveness of cybersecurity training, and results from vulnerability and penetration assessments conducted both internally and by external parties. Audit reports related to information systems and cybersecurity threat monitoring are also part of this reporting process.


Company Information

NameCHOICEONE FINANCIAL SERVICES INC
CIK0000803164
SIC DescriptionState Commercial Banks
TickerCOFS - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30