Page last updated on July 16, 2024
AWARE INC /MA/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:33:22 EDT.
Filings
10-K filed on 2024-03-15
AWARE INC /MA/ filed a 10-K at 2024-03-15 16:33:22 EDT
Accession Number: 0000950170-24-032239
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECUTIY Cybersecurity Risk Management and Strategy To help protect the Company from a major cybersecurity incident that could have a material impact on operations or the Company’s financial results, the Company has implemented policies, programs and controls, including technology investments that focus on cybersecurity incident prevention, identification and mitigation. The steps the Company takes to reduce its vulnerability to cyberattacks and to mitigate impacts from cybersecurity incidents include, but are not limited to: establishing information security policies and standards, implementing information protection processes and technologies, monitoring its information technology systems for cybersecurity threats, assessing cybersecurity risk profiles of key third-parties, implementing cybersecurity training and collaborating with public and private organizations on cyber threat information and best practices. The Company has implemented a Cybersecurity Policy (the “Policy”) that provides a framework for responding to cybersecurity incidents. The Policy includes requirements for incident disclosure and reporting, protocols for incident evaluation, including the use of third-party service providers and partners, and processes for notification and internal escalation of information to the Company’s senior management, incident response team, and Board of Directors (the “Board”) and appropriate Board committees. The Policy also addresses requirements for the Company’s external reporting obligations. The Plan is reviewed and updated, as necessary but no less frequently than once a year, under the leadership of the Company’s Chief Security Officer (“CSO”). Although the Company did not experience a material cybersecurity incident during the year ended December 31, 2023, the scope and impact of any future incident cannot be predicted. See “Item 1A. Risk Factors” for more information on the Company’s cybersecurity-related risks. Governance The Board of Directors, primarily through its Audit Committee, oversees the Company’s cybersecurity program. Management regularly reports to the Audit Committee on the current state of the Company’s cybersecurity program, including the current threat landscape, cybersecurity risks, and any significant incidents. The Audit 15 Committee may provide updates to the Board on the substance of these reports and any recommendations for improvements that the Audit Committee deems appropriate. At the management level, the Company has established written policies and procedures to ensure that significant cybersecurity incidents are immediately investigated, addressed through the coordination of various internal departments, and publicly reported, to the extent required by applicable law.
Company Information
Name | AWARE INC /MA/ |
CIK | 0001015739 |
SIC Description | Services-Prepackaged Software |
Ticker | AWRE - Nasdaq |
Website | |
Category | Non-accelerated filer Smaller reporting company |
Fiscal Year End | December 30 |