Roadzen Inc. 10-K Cybersecurity GRC - 2024-07-01

Page last updated on July 16, 2024

Roadzen Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-01 16:25:37 EDT.

Filings

10-K filed on 2024-07-01

Roadzen Inc. filed a 10-K at 2024-07-01 16:25:37 EDT
Accession Number: 0000950170-24-079647

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We have risk management processes in place for identifying, assessing and mitigating cybersecurity and risks from potential unauthorized occurrences on or through our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. These include a wide variety of mechanisms, controls, technologies, methods, systems and other processes that are designed to detect, prevent or mitigate data loss, theft, misuse, unauthorized access, interference with operations, or other security incidents or vulnerabilities affecting the data. The data includes confidential, proprietary, and business and personal information that we collect, process, store, and transmit as part of our business, 47 including on behalf of third parties. Cybersecurity concerns are an important consideration in our application development and the design of our infrastructure and operations technology. We also use systems and processes designed to reduce the impact of a security incident to our clients or their customers. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems, including: technology and systems that we use for encryption and authentication, employee email, communication to clients and their customers, operational support, and other functions. Governance Our executive leadership team is responsible for our overall enterprise risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the Company. As part of our cybersecurity risk management system, our incident management teams are responsible to track and log privacy and security incidents across Roadzen platforms and our vendors and other third-party service providers to remediate and resolve any incidents, should they arise. In case there are any incidents, it is promptly reviewed by a cross-functional working group to determine whether further escalation is appropriate. Any incident assessed as potentially being or potentially becoming material shall be immediately escalated for further assessment, and shall be reported to designated members of our senior management. We consult with our counsels as appropriate, including on materiality analysis and disclosure matters, and our senior management makes the final materiality determinations and disclosure and other compliance decisions. Our corporate governance committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and the committee is responsible to report any findings and recommendations, as appropriate, to the full board for consideration. Senior management regularly discusses cyber risks and trends and, should any issues arise, they review all material incidents with the corporate governance committee. Our corporate governance and audit committees discuss policies with respect to risk assessment and risk management, including risks associated with the reliability and security of the Company’s information technology and security systems, and the steps management has undertaken to monitor and control such exposures. Our board receives updates on the Company’s cybersecurity risk management programs from management. Our business strategy, results of operations and financial condition have not been affected by risks from cybersecurity threats, however, we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks, see Item 1A Risk Factors under " Our solutions or products or our third-party cloud providers have experienced in the past, and could experience in the future, data security breaches, which could adversely impact our reputation, business, and ongoing operations" .

Company Information