Fathom Holdings Inc. 10-K Cybersecurity GRC - 2024-03-19

Page last updated on July 16, 2024

Fathom Holdings Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-19 17:23:21 EDT.

Filings

10-K filed on 2024-03-19

Fathom Holdings Inc. filed a 10-K at 2024-03-19 17:23:21 EDT
Accession Number: 0001628280-24-011953

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the importance of developing, implementing, and maintaining effective cybersecurity measures designed to protect our information systems and the confidentiality, integrity, and availability of our data. We face a number of information technology and cybersecurity threats which could have an adverse effect on our business and results of operations. Notwithstanding the Company’s cybersecurity framework and preventative strategies, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. See “Item 1A. Risk Factors” for a discussion of cybersecurity risks. Risk Management and Strategy We maintain robust cybersecurity protocols designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The Audit Committee of the Board of Directors oversees management’s adherence to, and implementation of, the cybersecurity protocols and receives periodic updates on the Company’s cybersecurity risks. Our cybersecurity protocols and related processes are integrated into our overall enterprise risk management (ERM) process. We use the COSO Framework as a framework for our Cybersecurity Policy. Third parties also play a role in our cybersecurity. We engage third-party services to evaluate our security controls. Such evaluations include testing both the design and operational effectiveness of security controls. We also have processes to oversee and identify cybersecurity threats associated with our use of third-party service providers. Prior to engaging a third-party service provider, we carefully evaluate their cybersecurity reputation and track record, industry reports, and any potential information that they would have access to in the course of their work with us. Governance As of December 31, 2023, no risks from cybersecurity threats, including as a result of cybersecurity incidents we have experienced in the past, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. Our Board of Directors is involved in the design, implementation, and evaluation of our cybersecurity protocols. Particularly, our Audit Committee receives regular and frequent reports on the existence of cybersecurity threats, and works with management to devise appropriate measures to mitigate risks. Staying Updated with Cybersecurity The Company goes through a quarterly systems penetration test, using an independent third-party vendor, that finds new possible vulnerabilities in the system with recommendations to mitigate each vulnerability. With those recommendations, we schedule those fixes via our development team to resolve the vulnerabilities as soon as possible. Mitigation, System Recovery, Redundancy and Continuity As a process of mitigation, redundancy, and recovery, we keep multiple temporal copies of our databases and code base in multiple places, both on cloud and offline. We have a completed automated system deploy, which allows us to ‘revive’ our entire systems, via code (using a concept of infrastructure as code) in any cloud (or even physical servers) of our choice.


Company Information

NameFathom Holdings Inc.
CIK0001753162
SIC DescriptionReal Estate Agents & Managers (For Others)
TickerFTHM - Nasdaq
Website
Category
Emerging growth company
Fiscal Year EndDecember 30