SAFE & GREEN HOLDINGS CORP. 10-K Cybersecurity GRC - 2024-05-07

Page last updated on July 16, 2024

SAFE & GREEN HOLDINGS CORP. reported its cybersecurity risk management and governance process in an annual 10-K filed on 2024-05-07 17:31:52 EDT.

Filings

10-K filed on 2024-05-07

SAFE & GREEN HOLDINGS CORP. filed a 10-K at 2024-05-07 17:31:52 EDT
Accession Number: 0001213900-24-040541


Item 1C. Cybersecurity.

We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. Maintenance of IT assets, including daily security patch management. Periodic vulnerability scanning, identity access management controls including restricted access of privileged accounts (Multi-factor authentication enforced). Network integrity is safeguarded by employing web-based software, including endpoint protection, endpoint detection and response, spam gateway filtering, data loss prevention policies, SaaS monitoring, and remote monitoring on all devices. Industry-standard encryption protocols on workstations and email, critical data backups, and infrastructure maintenance. Incident response, cybersecurity strategy, and cyber risk advisory, assessment and remediation are maintained and supplied by a 3rd party SOC (Solutions Granted) that is NIST 800-171 compliant.

In addition, our cybersecurity framework is meticulously crafted to anticipate and address threats before they can cause harm. We are vigilant in monitoring the ever-changing threat landscape, drawing on intelligence from a multitude of sources to remain at the forefront of potential vulnerabilities. Our Security Operations Center (SOC) is operational 24/7, utilizing cutting-edge threat detection tools that meet SOCII requirements, guaranteeing an immediate response capability.

We implement stringent access control policies to ensure that only authorized individuals can interact with sensitive client data. Our Identity and Access Management (IAM) systems conform to ISO/IEC 27001 standards, offering secure authentication processes that encompass multi-factor authentication (MFA) and role-based access controls (RBAC). These safeguards are essential in preserving the integrity and confidentiality of client information.

By employing Randtronics remote encryption technology, we provide top-tier security for client data, whether it’s in use or at rest. This leading-edge encryption solution surpasses industry benchmarks, delivering robust protection without compromising system performance. We regularly evaluate and refine our encryption protocols to thwart new cryptographic challenges.

A third-party organization conducts frequent security audits to maintain unwavering compliance with legal and regulatory mandates such as GDPR, HIPAA, and CCPA. These audits are a cornerstone of our cyber risk management program, embracing established best practices and standards in cybersecurity and information technology. Our comprehensive policies cover various aspects including information security, access on/offboarding, and account management, directing the protective measures our management team implements to shield IT assets, data, and services from threats and vulnerabilities.

The Audit Committee of the Board of Directors oversees our cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity stakeholders, including member(s) of management assigned with cybersecurity oversight responsibility and/or third-party consultants providing cyber risk services brief the Audit Committee on cyber vulnerabilities identified through the risk management process, the effectiveness of our cyber risk management program, and the emerging threat landscape and new cyber risks on at least an annual basis. This includes updates on our processes to prevent, detect, and mitigate cybersecurity incidents. The Audit Committee and management have engaged a third-party firm to oversee the complete audit of our cybersecurity and risk management systems to ensure the integrity of the systems that are in place.

We face risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of its business. However, prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations, or cash flows.

We proactively seek to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to service delivery; however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. In response to such risks, we have implemented initiatives such as implementation of the cybersecurity risk assessment process and development of an incident response plan. See Item 1A. “Risk Factors” for more information on cybersecurity risks.


Company Information

Name: SAFE & GREEN HOLDINGS CORP.
CIK: 0001023994
SIC Description: Wholesale-Lumber & Other Construction Materials
Ticker: SGBX - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: December 30