CROWN CRAFTS INC 10-K Cybersecurity GRC - 2024-06-28

Page last updated on July 16, 2024

CROWN CRAFTS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-28 07:01:00 EDT.

Filings

10-K filed on 2024-06-28

CROWN CRAFTS INC filed a 10-K at 2024-06-28 07:01:00 EDT
Accession Number: 0001437749-24-021478

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Cybersecurity Risk Management and Strategy The Company’s cybersecurity measures are primarily focused on ensuring the security and protection of its information technology systems and data. The Company recognizes the increasing volume and sophistication of cybersecurity threats and takes seriously its responsibility to protect these information technology systems and data. The Company considers risks associated with cybersecurity alongside the Company’s other risks as part of its overall risk assessment process. The Company’s Vice President of Information Technology and his staff monitor the Company’s information systems to provide a comprehensive approach to assess, identify, manage, mitigate, and respond to cybersecurity threats. The Company uses cost-effective controls that are commensurate with the risk and sensitivity of its specific information systems, control systems and enterprise data. The Company’s cybersecurity program incorporates best practices and industry standards from multiple sources and includes, but is not limited to, risk assessment, policies and procedures, training and awareness, auditing, log collection and analysis, threat hunting and intelligence surveillance, compliance monitoring and testing, and incident response. When necessary, the Company’s Vice President of Information Technology and his staff collaborate with external third -party subject matter specialists. The Company has processes in place to oversee and identify material risks from cybersecurity threats associated with its use of these providers. All third parties engaged for such matters are subjected to scrutiny to ensure they satisfy the Company’s security standards. The Company periodically reviews its third -party engagements to ensure that the providers maintain the necessary levels of protection and competency, as well as to oversee and identify potential cybersecurity risks and threats from such engagements. As of May 31, 2024, the Company has not identified any risks from known cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operation or financial condition. The Company has further disclosed how risks from cybersecurity threats could potentially have a material impact on the Company, including its business strategy, results of operations, or financial condition, in Part I, Item 1A, “Risk Factors” of this Annual Report. Cybersecurity Governance Cybersecurity, as an important part of the Company’s risk management processes, is a critical area of focus for the Company’s Board of Directors (the “Board”), which is responsible for oversight of the Company’s cybersecurity risk, including the effectiveness of cybersecurity risk management policies and protocols. As part of the Board’s oversight, the Board receives a report at least annually from the Company’s Vice President of Information Technology and other members of the Company’s executive management team. These reports include updates on the Company’s cybersecurity risks and threats, the status of projects intended to strengthen its information security systems, assessments of the cybersecurity program, and the emerging threat landscape. In the event of a cybersecurity incident, the Company has processes by which the incident would be escalated internally and, when appropriate, reported to the Board or an appropriate committee of the Board, as well as for updating the Board regarding the incident until it has been resolved. The Company’s Vice President of Information Technology is responsible for the Company’s cybersecurity strategy and execution. He has more than 30 years of experience in technology and information systems leadership and reports directly to the Company’s Chief Executive Officer.

Company Information