OOMA INC 10-K Cybersecurity GRC - 2024-04-02

Page last updated on July 16, 2024

OOMA INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-02 17:29:46 EDT.

Filings

10-K filed on 2024-04-02

OOMA INC filed a 10-K at 2024-04-02 17:29:46 EDT
Accession Number: 0000950170-24-040394

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Risk Management, Governance and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. This process is owned by the Chief Information Security Officer (“CISO”) and is supported by both management and our board of directors. Our CISO has served in various information technology and security leadership roles for over 30 years. He has a Master of Science degree in Electrical Engineering from Stanford University. Our board of directors as a whole oversees the Company’s privacy and data security, including cybersecurity, risk exposures, policies and practices, and the steps management has taken to prevent, detect, monitor and control such risks and the potential impact of those exposures on our business, financial results, operations, and reputation. We have tools and protocols in place designed to prevent, detect and escalate security incidents within the Company. Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach including third party assessments and reviews. As part of our risk assessment process, we may perform cybersecurity risk evaluations when selecting applicable third-party vendors, suppliers, and other service providers. To defend, detect and respond to cybersecurity incidents, we, among other things: conduct proactive cybersecurity reviews of systems and applications, conduct employee phishing training, and monitor emerging laws and regulations related to data protection and information security. We have implemented incident response and breach management processes. Notifications are made based on the level of threat of the incident. Incidents are evaluated to determine materiality as well as operational and business impact. Depending on the nature and severity of an incident, this process provides for escalating notification to our CEO and the board of directors. Although the “Risk Factors” section includes further detail about the material cybersecurity risks we face, we believe that risks from prior cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected our business to date. Although we continue to invest in cybersecurity and to enhance our internal controls and processes, we cannot guarantee these measures will be sufficient to protect us from a network security incident. For further information regarding the risks we face from cybersecurity threats refer to the “Risk Factors” within this Form 10-K. Ooma | FY2024 Form 10-K | 45


Company Information

NameOOMA INC
CIK0001327688
SIC DescriptionServices-Computer Processing & Data Preparation
TickerOOMA - NYSE
Website
CategoryAccelerated filer
Fiscal Year EndJanuary 30