Everything Blockchain, Inc. 10-K Cybersecurity GRC - 2024-05-15

Page last updated on July 16, 2024

Everything Blockchain, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-15 13:53:49 EDT.

Filings

10-K filed on 2024-05-15

Everything Blockchain, Inc. filed a 10-K at 2024-05-15 13:53:49 EDT
Accession Number: 0001477932-24-002949

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management and Strategy We have implemented and maintain a cybersecurity program in alignment with NIST standards and industry best practices. This cybersecurity program is designed to identify, assess, and manage material risks from cybersecurity threats to (i) our information systems and data, which include critical computer networks, third-party hosted services, communications systems, hardware, and software, and (ii) critical data, including our intellectual property, confidential information that is proprietary, strategic, or competitive in nature, and our customers’ data. Core policies within the program include an information security policy, business continuity and disaster recovery policy, incident response policy, cyber supply chain risk management policy, and software development lifecycle policy. The Company relies on third-party service providers for a variety of products and services to run its information systems. Our Company’s Chief Information Officer and Chief Information Security Officer are provided to us by a third-party service provider. This dependence exposes us, along with others who use these service providers, to the impact of a cyber-attack on their service providers. It is possible for a cyber-attack at a third-party service provider to have a significant financial, operational, or reputational impact to the Company. To reduce the effective impact to the Company of a cyber-attack on a third-party service provider, we continuously monitor the risks associated with our service providers through review of these providers’ cybersecurity programs annually and when material changes to their programs occur. Governance Our Board of Directors has a Risk Committee to assist it in fulfilling its oversight responsibility with respect to the management of cybersecurity risks related to our products and services as well as our information technology and network systems. The responsibilities of the Risk Committee include overseeing our implementation and maintenance of cybersecurity measures, data governance, and compliance with applicable information security laws. The Risk Committee receives reports from management concerning our significant cybersecurity threats and risk and the processes we have implemented to address them. In addition, our Audit Committee has oversight responsibility over our internal financial controls and our risk management program, including disclosure controls related to cybersecurity. Senior management is responsible for the day-to-day operations of protecting the Company’s information systems and periodically provides cybersecurity briefings to the entire board of directors. This includes a full brief and update to the Board of Directors from the Chief Information Officer and Chief Information Security Officer on the state of the Company’s cybersecurity program on at least an annual basis.

Company Information