GSI TECHNOLOGY INC 10-K Cybersecurity GRC - 2024-06-13

Page last updated on July 16, 2024

GSI TECHNOLOGY INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-13 16:21:29 EDT.

Filings

10-K filed on 2024-06-13

GSI TECHNOLOGY INC filed a 10-K at 2024-06-13 16:21:29 EDT
Accession Number: 0001558370-24-009139


Item 1C. Cybersecurity.

Cybersecurity Risk Management and Strategy:

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, internal operational risks; system security risks; data protection; risks to proprietary business information; intellectual property theft; fraud; extortion; harm to employees, partners, or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks. We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess, and manage such material risks.

To aid in identifying and assessing material risks from cybersecurity threats, our Enterprise Risk Management program considers cybersecurity risks alongside other significant company risks as part of our overall risk assessment process. We employ a range of tools and services, including regular network and endpoint monitoring and vulnerability assessments to inform our professionals’ risk identification and assessment. We manage these known risks by using internal security controls designed to align with standards set by the International Organization for Standardization (“ISO”).

In connection with the identification, assessment and management of material risks and cybersecurity threats, we also conduct the following activities at various intervals during the year:

● monitor emerging data protection laws and implement changes from time-to-time to our processes designed to comply with such laws;
● undertake regular reviews of our customer facing policies and statements related to cybersecurity;
● run exercises to simulate a response to a cybersecurity incident and use the findings to improve our processes and technologies;
● run exercises to simulate a response to a cybersecurity incident to provide training to our cyber incident response team;
● conduct a variety of information security and privacy trainings, including new employee training, job-specific security training, specialized training for IT and security personnel, and phishing simulations; and
● carry information security risk insurance to help defray potential losses that might arise from a cybersecurity incident.

Our cybersecurity incident response plan was developed to respond to the threat of security breaches, the threat of cyberattacks, and to protect and preserve the confidentiality, integrity, and continued availability of information owned by, or in the care of, the Company. Our incident response plan coordinates the activities that we take to prepare for, detect, respond to, and recover from cybersecurity incidents, which include processes to triage, assess severity for, escalate material cybersecurity incidents to our global crisis management plan, contain, investigate, and remediate the incident. We regularly engage with auditors to review our cybersecurity program to help identify areas for continued focus, improvement and compliance.

In our risk factors, we describe how potential risks from cybersecurity threats may affect us, including our business strategy, results of operations, or financial condition. See our risk factor disclosures at Item 1A of this Annual Report on Form 10-K.

Cybersecurity Governance:

Cybersecurity is an important part of our risk management processes and an area of focus for our Board of Directors and management. The Board has oversight responsibility for the Company’s Enterprise Risk Management framework. The Board as a whole and through the various Board committees oversees the Company’s management of material enterprise level risk, focusing on four areas of risk: strategic, compliance, operational, and financial. To fulfill its oversight responsibility, the Board also regularly reviews, consults, and discusses with management on strategic direction, challenges, and risks faced by the Company. Board members, including members of the Audit Committee, have expertise and/or operational experience in cybersecurity matters. We are committed to maintaining robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks.

As part of our entire Board’s operational risk management responsibilities, it has oversight of risks from cybersecurity threats. The Audit Committee has been designated with the responsibility to regularly review the Company’s processes and procedures around managing cybersecurity threat risks and cybersecurity incidents. As discussed below, members of management report to the Audit Committee which reports to the entire Board about cybersecurity threat risks, among other cybersecurity related matters, at least annually.

In support of the Board’s oversight of the Company’s cybersecurity risk management program, the Audit Committee receives quarterly cybersecurity updates from members of management. These updates include topics, such as threat risk management updates, the results of exercises and response readiness assessments, our incident response plan, and steps management has taken to respond to such threat risks, if any. Members of the Board and Audit Committee are also encouraged to regularly engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.


Company Information

Name: GSI TECHNOLOGY INC
CIK: 0001126741
SIC Description: Semiconductors & Related Devices
Ticker: GSIT - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: March 30