Page last updated on July 16, 2024
MongoDB, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:11:42 EDT.
Company Summary
MongoDB is a next-generation database that helps businesses transform their industries by harnessing the power of data. (Source: Crunchbase)
Filings
10-K filed on 2024-03-15
MongoDB, Inc. filed a 10-K at 2024-03-15 16:11:42 EDT
Accession Number: 0001441816-24-000049
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Cybersecurity Risk Management At MongoDB, cybersecurity risk management is an integral part of our overall information security program, which we review and update at least annually to reflect changes to our organization, business practices, technology and services, and applicable legislation and regulations. Our information security program is designed to align with the National Institute of Standards and Technology Cyber Security Framework and provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third parties. This framework includes steps for assessing the severity of a cybersecurity threat or incident, identifying the source of a cybersecurity threat or incident including whether the cybersecurity threat or incident is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents. In addition, our information security team provides ongoing education to and requires mandatory training at least once annually of all employees. To bolster the security of our products and services, we have appropriate technical and organizational measures in place to protect data that our customers upload to MongoDB Atlas, which is certified against ISO 27001:2013, ISO 27017:2015, ISO 27018:2019, SOC 2 Type II, Payment Card Industry Data Security Standard v.4, and Cloud Security Alliance (“CSA”) Security, Trust, Assurance, Information Security Registered Assessors Program and Risk (“STAR”) Level 2. We also engage third parties to perform annual audits of our standards-based certifications and we have undergone a Health Insurance Portability and Accountability Act examination validated by a qualified third-party assessor. Governance Our board of directors has overall oversight responsibility for our enterprise risk management, and delegates cybersecurity risk management oversight to its Audit Committee. The Audit Committee is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks, including mitigation and remediation of cybersecurity threats and incidents. In addition, on a quarterly basis, certain members of our board of directors meet with our Chief Information Security Officer, (“CISO”), and other senior executives to perform more in-depth reviews of the Company’s cybersecurity programs, as well as relevant cybersecurity risks and mitigation strategies and report back to the Audit Committee regarding the matters reviewed. Ahead of each such quarterly meeting, management, including the CISO and our information security team, prepares and provides cybersecurity reports that cover, among other topics, developments in cybersecurity and updates to the company’s cybersecurity programs and mitigation strategies, legislative developments affecting MongoDB’s information security program, and notable security incidents and investigations. The Audit Committee subsequently reports material cybersecurity matters to our full board of directors. In addition, our management follows a risk-based escalation process to notify the Audit Committee outside of the regular reporting cycle when they identify an emerging cybersecurity risk. Our cybersecurity programs are under the direction of our CISO, who receives reports from our information security team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CISO and dedicated security leaders are certified and experienced information systems security professionals and information security managers each with well over a decade of experience. Our CISO and information security team, along with our management, are responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining our cybersecurity programs. Despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see “Risk Factors - Risks Related to our Business and Industry” in this annual report on Form 10-K.
Company Information
Name | MongoDB, Inc. |
CIK | 0001441816 |
SIC Description | Services-Prepackaged Software |
Ticker | MDB - Nasdaq |
Website | |
Category | Large accelerated filer |
Fiscal Year End | January 30 |