CXApp Inc. 10-K Cybersecurity GRC - 2024-05-23

Page last updated on July 16, 2024

CXApp Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-23 19:41:59 EDT.

Filings

10-K filed on 2024-05-23

CXApp Inc. filed a 10-K at 2024-05-23 19:41:59 EDT
Accession Number: 0001829126-24-003713

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Disclosures Risk Management and Strategy CXApp’s information security program is implemented based on ISO 27001 and SOC 2 frameworks. Risk Management Program As part of the information security program, CX App has a risk management program that continuously engages in the process of identifying, evaluating, and treating risks around the organization’s valuable information. It addresses uncertainties around information assets to ensure the desired business outcomes are achieved. CX App performs annual Risk Assessments (RAs) to determine security risks in corporate operations, products, and services, and initiates appropriate remediation. CXApp’s information security program is aligned with business objectives that establish rules governing how to identify risks, assign risk ownership, how the risks impact the confidentiality, integrity and availability of the information and the method of treatment for identified risks. A formal risk assessment methodology is approved by management. The risk management framework includes guidelines for identifying and estimating the cost of protective measures to eliminate or reduce the security risks to an acceptable level. All operations, products, services, information assets and information systems that are owned and operated by CXApp are assessed for risks that result from threats to the integrity, availability, and confidentiality of CXApp’s data. The risk management program focuses on the following five types of activities: ● Identification of Strategic Objectives: The alignment of strategic objectives and risk management to avoid siloed risk management approach. This is the key step in performing risk assessments. ● Identification of Risks: A continuous effort to identify which risks are likely to affect the CXApp’s strategic objectives and consequently security functions and business continuity of CXApp and documenting their characteristics. ● Analysis of Risks: An estimation of the probability (likelihood), impact, and prioritization of risks relative to each other. ● Mitigation Planning: Decisions and actions that will reduce the impact of risks as well as limit the probability of their occurrence or improve the response to a risk occurrence. ● Tracking and Controlling Risks: Collection and reporting of status information about risks and their mitigation plans, response to changes in risks over time, and management oversight of corrective measures taken in accordance with the mitigation plan. Governance As part of the risk management program, responsibility is assigned to Information Technology (IT) Department, systems owners, department managers, and executive management. 34 Management’s Role in Managing Risks IT Department is responsible for conducting a risk assessment as well as prioritizing, implementing, and maintaining the appropriate risk-reduction measures defined in the risk assessment process. Risk owners are the individuals who are ultimately accountable for ensuring the risk is managed appropriately. There may be multiple personnel who have direct responsibility for or oversee activities to manage each identified risk and collaborate with the accountable risk owner in his/her risk management efforts. Responsibilities for the continued development, implementation, and maintenance of the risk management program are also assigned internally to IT. Executive Management is responsible for the sponsorship and support of the risk management plan and processes, participating in the risk management meetings, and reviewing and approving risk assessments and risk mitigation plans. Board of Directors Oversight The Board of Directors plays an active role by meeting periodically to review the status of the organization’s the information security program and roadmap for new cybersecurity risk management initiatives. The board oversees cybersecurity risk management by evaluating whether management has current cybersecurity policies and procedures, regularly assesses, and monitors cybersecurity risks and receives regular reports on the organization’s cybersecurity posture.

Company Information