Staffing 360 Solutions, Inc. 10-K Cybersecurity GRC - 2024-06-12

Page last updated on July 16, 2024

Staffing 360 Solutions, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-12 06:16:00 EDT.

Filings

10-K filed on 2024-06-12

Staffing 360 Solutions, Inc. filed a 10-K at 2024-06-12 06:16:00 EDT
Accession Number: 0001493152-24-023534

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. We operate in the domestic staffing sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk. We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We currently have security measures in place to protect [client/‌patient/‌customers’/‌employees’/‌vendors’ information] and prevent data loss and other security breaches, including a cybersecurity risk assessment program. Both management and the Board of Directors are actively involved in the continuous assessment of risks from cybersecurity threats, including prevention, mitigation, detection, and remediation of cybersecurity incidents. Our current cybersecurity risk assessment program consists of a cybersecurity incident response program. This program outlines governance, policies and procedures, and technology we use to oversee and identify risks from cybersecurity threats and is informed by previous cybersecurity incidents we have observed both within the Company and in our industry. The Security Response team is responsible for day-to-day assessment and management of risks from cybersecurity threats, including the prevention, mitigation, detection, and remediation of cybersecurity incidents. The individuals that comprise this team are the Chief Operating Officer, the Director of IT, the Corporate Controller, the Senior Vice President, Corporate Finance and the Vice President People and Culture. Upon occurrence of an event the Chief Operating Officer is notified of the occurrence and then updated periodically about the event until resolution. Dimitri Villard, a member of our Board of Directors, is responsible for oversight of risks from cybersecurity threats in conjunction with the Chief Executive Officer and the Chief Operating Officer. The Board receives regular reports and updates from the Chief Operating Officer with respect to the management of risks from cybersecurity threats. Such reports cover the Company’s information technology security program, including its current status, capabilities, objectives and plans, as well as the evolving cybersecurity threat landscape. Additionally, the Board considers risks from cybersecurity threats as part of its oversight of the Company’s business strategy, risk management, and financial oversight. We undertake activities to prevent, detect, and minimize the effects of cybersecurity incidents, including required employee training in security awareness when hired and then annually. In addition, we maintain business continuity, contingency, and recovery plans for use in the event of a cybersecurity incident. We also have policies and procedures to oversee and identify the risks from cybersecurity threats associated with our use of third-party service providers. Many of our systems and networks are cloud-based, the Company cannot control the future performance and reliability of these systems. The risk of a cyberattack on one of these third-party vendors carries the same risk as any internally maintained system. We seek to reduce this risk by performing vendor due diligence prior to engaging any vendor that has access to sensitive data. In addition, on at least an annual basis, we obtain SOC 1 and/or SOC 2 reports to ensure the vendor has the proper internal controls in place to secure our data. To date, no cybersecurity incident (or aggregation of incidents) or cybersecurity threat has materially affected our results of operations or financial condition. However, an actual or perceived breach of our security could damage our reputation, cause existing clients/customers to terminate their contracts, prevent us from attracting new clients, maintaining current clients, results of operations, or financial condition or subject us to third-party lawsuits, regulatory fines or other actions or liabilities, any of which could adversely affect our business, operating results or financial condition. For further information, see “Risk Factors-[ caption of specific cybersecurity risk factor ]” in Item 1A of this Annual Report on Form 10-K. We have attempted to preemptively mitigate the financial impact of any cybersecurity incident and currently maintain a cyber liability insurance policy. However, our cyber liability insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our cyber liability insurance policy may not cover all claims made against us, and defending a suit, regardless of its merit, could be costly and divert management’s attention from our business and operations. The company faces cybersecurity risks and threats that could have a material impact on the Company are discussed further in Item 1A Risk Factors. Those sections of Item 1A should be read in conjunction with this Item 1C. 22

Company Information