Reservoir Media, Inc. 10-K Cybersecurity GRC - 2024-05-30

Page last updated on July 16, 2024

Reservoir Media, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-30 16:05:44 EDT.

Filings

10-K filed on 2024-05-30

Reservoir Media, Inc. filed a 10-K at 2024-05-30 16:05:44 EDT
Accession Number: 0001410578-24-000975

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We maintain robust and comprehensive processes, procedures and controls to protect and secure our information systems and data infrastructure from cybersecurity threats. Our cybersecurity program is led by our Vice President of Technology, who functions as our chief information security officer (" CISO “). Our cybersecurity program interfaces with other functional areas within the Company, including but not limited to our business segments and information technology (” IT “) and legal departments, as well as external third-party partners, to identify and understand potential cybersecurity threats. We regularly assess and update our processes, procedures and management techniques in light of ongoing cybersecurity developments. We also have a cybersecurity specific risk assessment process, which helps identify our cybersecurity threat risks by comparing our processes to standards set by the International Organization for Standardization (” ISO “). Internally, the CISO coordinates oversight of reviewing security alerts, identifying and monitoring ongoing and potential cybersecurity threats, evaluating strategic business impacts of cybersecurity threats and developing programs and initiatives to educate our employees regarding cybersecurity. The CISO also manages our Incident Response Team, which includes a team comprised of executives from various cross - functional management teams, internal technical support roles and external third - party service providers. The Incident Response Team will analyze and, as necessary, escalate cybersecurity incidents both internally and with third - party service providers based on type and severity of the specific incident. We also require cybersecurity training for relevant employees, focusing on the appropriate protection and security of confidential company and third-party information. The IT team provides regular updates to senior management on various cybersecurity threats, assessments and findings and effectiveness of the Company’s cyber risk management program. Our Board of Directors through the Audit Committee oversees our risk management, including our information technology and cybersecurity policies, procedures, and risk assessments. Management reports to our Board of Directors on information security matters as necessary, regarding any significant cybersecurity incidents, as well as any incidents with lesser impact potential. As of the date of this Form 10 - K, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition and that are required to be reported in this Form 10 - K. However, the sophistication of cyber threats continues to increase, and the preventative actions we have taken and continue to take to reduce the risk of cyber incidents and protect its systems and information may not successfully protect against all cyber incidents. Should any reportable cybersecurity incident arise, our management shall promptly report such matters to our Board of Directors for further action, including regarding the appropriate disclosure in accordance with SEC regulations, mitigation, and other response or actions that the Board of Directors deems appropriate to take. For more information on how cybersecurity risk may materially affect our business strategy, results of operations, or financial condition, please refer to Item 1A Risk Factors.

Company Information