Page last updated on July 16, 2024
BGSF, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-14 21:30:17 EDT.
Filings
10-K filed on 2024-03-14
BGSF, INC. filed a 10-K at 2024-03-14 21:30:17 EDT
Accession Number: 0001474903-24-000026
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY. Our broader information security program aims to secure our systems, keep our business running, and protect our client partners, field talent, team members, and shareholders from vulnerabilities and threats by protecting against, detecting, and recovering from cybersecurity incidents. With oversight from our Board, the Audit Committee, and management, we have put proactive measures and systems in place in an effort to protect our information assets from unauthorized use or access. Our cybersecurity framework is based on the National Institute of Standards and Technology (“NIST”). Management Oversight Our CIO and key members of senior management are accountable for our cybersecurity and data privacy programs and is supported by the Board of the Directors (the “Board”). Our CIO has extensive information technology and program management experience and has served many years in our corporate information security organization. Under the guidance of the Board, the CIO manages day-to-day operations of the security and data privacy functions and proposes changes to our cybersecurity strategy, which is part of our overall information technology strategy. The CIO and the Board meet frequently to discuss cyber and data operations, privacy programs and risks. Our IT department monitors and manages system infrastructure in an effort to protect us against threats. Our cybersecurity process considers risks from many sources including, but not limited to, alerts, threat intelligence sources, risk assessments, and vulnerability management. Our cybersecurity process includes a risk assessment procedure, a risk evaluation procedure, and a third-party partner to strengthen our cybersecurity controls. These controls are designed to block and/or provide alerts on suspicious activities. Our security team responds as appropriate to risks identified. Board Oversight The Board is actively engaged in the oversight of cybersecurity and data privacy. On a quarterly basis, the Board receives updates on (a) our progress on security improvement objectives, (b) relevant reported cybersecurity internal incidents and the global evolving risks, and (c) results of work performed by our third-party information security partner. We engage subject matter experts in conducting independent assessments of our cybersecurity program maturity, penetration tests, and other tests and assessments. Third-Party Vendor Management Many of our information technology systems and networks are cloud-based or managed by third parties, whose future performance and reliability we cannot control. The risk of a cyberattack or security breach on a third party carries the same risks to us as those associated with our internal systems. We seek to reduce these risks by performing significant vendor due diligence procedures prior to engaging with any third-party vendor who will have access to sensitive data. Additionally, we require annual audits of certain third parties’ information technology processes. We face risks from cybersecurity threats that could have a material adverse effect on our business strategy. See “Risks Related to Our Information Technology, Cybersecurity and Data Protection” in Part 1, Item 1A. Risk Factors of this report for a discussion of these risks. With respect to our cybersecurity process, we are not aware of any material breach to date.
Company Information
Name | BGSF, INC. |
CIK | 0001474903 |
SIC Description | Services-Help Supply Services |
Ticker | BGSF - NYSE |
Website | |
Category | Accelerated filer Smaller reporting company |
Fiscal Year End | December 30 |