MARCHEX INC 10-K Cybersecurity GRC - 2024-03-29

Page last updated on July 16, 2024

MARCHEX INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 19:51:09 EDT.

Filings

10-K filed on 2024-03-29

MARCHEX INC filed a 10-K at 2024-03-29 19:51:09 EDT
Accession Number: 0000950170-24-038807

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity We are committed to protecting our information systems against cybersecurity threats. Any cybersecurity incident can adversely affect our business and disrupt our operations as described in greater detail in our Risk Factors relevant to cybersecurity risks. Our senior leadership, in consultation with our board of directors, has assigned responsibilities for ensuring and overseeing the operation of our information security program to the Marchex Information Security Committee (the “ISC”) comprised of senior representatives of departments across our organization. Effective risk management is a critical component of our operations. The ISC conducts a formal cybersecurity risk assessment annually. The assessment methodology is designed to identify cybersecurity threats to our information systems and considers a range of relevant risk factors that include both intentional and unintentional human acts by our or our vendors’ personnel, or malicious third-party actors, risks inherent to technology/equipment we and our service providers use, as well as natural and environmental risks. The ISC discusses and documents mitigation strategies based on the risks identified. Results of assessments are reported to senior leadership and our board of directors. To the extent that any control deficiencies or material changes in the threat environment are identified, the ISC may make recommendations for new or improved controls and threat mitigation strategies. The ISC also oversees day-to-day cybersecurity risk mitigation efforts, which include, but are not limited to monitoring systems for availability, performance, and security issues, periodic vulnerability scans, penetration testing performed at least annually by independent, reputable, third-party vendors, as well as evaluating any risk(s) associated with prospective third-party service providers who require access to sensitive customer data and implementing any additional controls to address significant risks identified. Furthermore, the ISC meets quarterly to discuss and analyze any relevant developments within the organization and industry relative to cybersecurity, reviews our internal policies and operational procedures relevant to cybersecurity at least annually, and promulgates updates when deemed necessary or advisable.


Company Information

NameMARCHEX INC
CIK0001224133
SIC DescriptionServices-Business Services, NEC
TickerMCHX - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30