FREQUENCY ELECTRONICS INC 10-K Cybersecurity GRC - 2024-08-02

Page last updated on August 2, 2024

FREQUENCY ELECTRONICS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-02 13:25:28 EDT.

Filings

10-K filed on 2024-08-02

FREQUENCY ELECTRONICS INC filed a 10-K at 2024-08-02 13:25:28 EDT
Accession Number: 0001185185-24-000753


Item 1C. Cybersecurity.

Risk Management and Strategy

We believe cybersecurity is critical to our mission achievement to ensure uninterrupted business continuity, and enables us to deliver superior services while safeguarding our customers’ sensitive information. Our cybersecurity risk management processes are integrated into our overall risk management strategy. As part of our risk management strategy, our cybersecurity framework encompasses the following key processes:

- Risk-Based Controls for Information Systems: We maintain an Information Technology (IT) infrastructure with physical, administrative, and technical controls tailored to protect the confidentiality, integrity, and availability of our information and systems.
- Cybersecurity Incident Response Plan and Testing: We have an incident response plan supported by a dedicated team to address cybersecurity incidents. This includes vulnerability identification, initial assessment, and engagement of external experts as needed.
- Training Initiatives: We provide security awareness training to help our employees understand their information protection and cybersecurity responsibilities at FEI. We also provide additional role-based training to employees based on customer requirements, regulatory obligations and industry risks as needed.
- Third-Party Assessments: We engage cybersecurity firms to regularly evaluate our cybersecurity posture, helping identify and mitigate risks posed by evolving threats.

We continually strengthen our cybersecurity defenses through significant investments in resources and maintaining comprehensive cybersecurity insurance coverage. We maintain an insider threat detection program to proactively identify and mitigate both external and internal threats in a timely manner.

We rely on certain third party service providers to assist us with the delivery of our products to our customers. A cybersecurity incident at a supplier or subcontractor could materially adversely impact us. Therefore, we evaluate third party providers from a cybersecurity risk perspective, which may include an assessment of that service provider’s cybersecurity posture through a questionnaire. However, we rely on the third parties we use to implement security programs commensurate with their risk, and we cannot ensure in all circumstances that their efforts will be successful.

Our adherence to Defense Federal Acquisition Regulation Supplement (DFARS) and Cybersecurity Maturity Model Certification (CMMC) requirements ensures strict protection of Controlled Unclassified Information (CUI), mandated by the U.S. Department of Defense. These efforts underscore our unwavering commitment to maintaining the highest cybersecurity resilience standards and regulatory compliance.

As a U.S. Government defense industry contractor, we have experienced cybersecurity attacks and may be subject to significant cybersecurity attacks in the future. To date, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to affect us, including our business strategy, results of operations or financial condition. For additional information, see “Our business could be adversely impacted by significant cybersecurity attacks” in Item 1A. Risk Factors above.

Governance

The full Board of Directors has overall responsibility for overseeing the cybersecurity processes of identifying and mitigating cybersecurity risks. The Board of Directors has not delegated this responsibility to any one Committee, as its structure and size allows for the entire Board of Directors to oversee this responsibility. Periodically, our management provides updates to the Board of Directors regarding our internal control program, including any significant changes to its IT infrastructure and/or cybersecurity program. Management also communicates directly with the Board of Directors to report any material risks from cybersecurity threats.

Our Chief Information Officer (CIO) leads our cybersecurity program and reports directly to our Chief Executive Officer. Our CIO is supported by our internal IT team that assists our CIO in the day-to-day management of the cybersecurity program, including the cybersecurity incident response plan, training initiatives and third-party assessments. Our CIO has over two decades of experience in various cybersecurity functions, including implementing stringent cybersecurity measures to protect sensitive information and meet established security standards, extensive work in IT governance and operations, network intrusion and critical systems protection, Enterprise Resource Planning (ERP) systems, and data analytics.


Company Information

Name: FREQUENCY ELECTRONICS INC
CIK: 0000039020
SIC Description: Instruments For Meas & Testing of Electricity & Elec Signals
Ticker: FEIM - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: April 29