Page last updated on July 16, 2024
Accolade, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-25 17:43:22 EDT.
Filings
10-K filed on 2024-04-25
Accolade, Inc. filed a 10-K at 2024-04-25 17:43:22 EDT
Accession Number: 0001481646-24-000020
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk Management and Strategy We believe cybersecurity is critical to our mission to help every person live their healthiest life. Our customers, members, partners, and employees trust Accolade to maintain a secure environment for their health information. We process and maintain sensitive data on our customers and members in the form of PHI and PII and we maintain intellectual property of our solutions and PII of our employees. Because of the sensitivity of this data, we are subject to various cybersecurity threats that could adversely affect our business, customers, and members through impacts to the confidentiality, integrity, and availability of our systems. As part of our enterprise risk management (“ERM”) program, we maintain a cybersecurity program in an effort to reduce the risk of a breach of our systems or information. Our cybersecurity program includes policies and controls which are regularly reviewed through internal assessments. We have an active HITRUST certification for our expert medical opinion offering and Service Organization Control (“SOC”) 2 Type II security compliance reports that are issued by third-party entities for our other offerings. We have controls in place intended to assess our cybersecurity readiness and prevent unauthorized access to our critical systems, including, for example, vulnerability scanning of our systems, detection and blocking of potentially malicious email, multifactor authentication, and security review of our vendors. We also actively engage with the law enforcement community, industry groups, and key vendors to maintain awareness of the evolving threat environment. We have a documented cybersecurity response plan for identification and assessment of cybersecurity incidents, including an escalation process for management to assess the materiality of an incident. Despite our cybersecurity program, we cannot guarantee that we will not be subject to a material cybersecurity incident. For a description of the risks from cybersecurity threats that may materially affect the Company, and how they may do so, see Item 1A-“Risk Factors” included elsewhere in this Annual Report on Form 10-K. As of the date of this Annual Report, we have determined that there have been no cybersecurity incidents which materially impacted our business, financial condition, or results of operations. Governance Our board of directors maintains oversight of our risk management and the audit committee of our board of directors maintains primary responsibility related to overseeing our cybersecurity risk. One member of our audit committee has experience in cybersecurity and provides perspective regularly. We maintain a cybersecurity program to identify, assess, and manage our cybersecurity threats that is led by our Chief Information Security Officer (“CISO”) and General Counsel / Chief Compliance Officer. These individuals regularly engage with the audit committee and other members of senior management to discuss cybersecurity risks.
Company Information
Name | Accolade, Inc. |
CIK | 0001481646 |
SIC Description | Services-Business Services, NEC |
Ticker | ACCD - Nasdaq |
Website | |
Category | Large accelerated filer |
Fiscal Year End | February 28 |