Lifevantage Corp 10-K Cybersecurity GRC - 2024-08-28

Page last updated on August 28, 2024

Lifevantage Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-28 16:05:36 EDT.

Filings

10-K filed on 2024-08-28

Lifevantage Corp filed a 10-K at 2024-08-28 16:05:36 EDT
Accession Number: 0000849146-24-000073

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C - CYBERSECURITY Risk Management and Strategy We have implemented and maintain a cybersecurity risk management program through our security steering committee, which is designed to assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities, and test those systems pursuant to our cybersecurity policies, processes, and practices, which are integrated into our overall risk management program. The members of our security steering committee represent the following functional areas: cybersecurity and infrastructure; corporate risk and privacy; personnel; and finance and fraud management. The security steering committee collaborates with and manages third parties, as appropriate, to assess the effectiveness of our cybersecurity prevention and response systems and processes. These third parties may include cybersecurity assessors, consultants, and other external cybersecurity experts to assist in the identification, verification, and validation of cybersecurity risks, as well as to support associated mitigation plans when necessary. To protect our information systems from cybersecurity threats, we also ask our employees to take periodic cybersecurity training and we use various security tools that are designed to help identify, escalate, investigate, resolve, and recover from security incidents in a timely manner. We have not identified risks from known cybersecurity threats to the business, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition. See our risk factor " We are subject to evolving laws, policies, and contractual obligations related to data privacy and security, including cybersecurity, and our actual or perceived failure to comply with such obligations or perceived failure to maintain the integrity of our data could expose us to data loss or litigation, harm our reputation, subject us to significant fines and liability, or otherwise affect our business, prospects, financial condition, and operating results." in Part I, Item 1A. (“Risk Factors”) for additional details regarding cybersecurity risks and potential impacts on our business. Cybersecurity Governance Our board is actively involved in the assessment, oversight and management of the material risks that could affect the Company. The board carries out its risk oversight and management responsibilities by monitoring risk directly as a full board and, where appropriate, through its committees. Our board has delegated to the audit committee the oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks. The audit committee reports any material or notable cybersecurity incidents, findings and recommendations, as appropriate, to the full board for consideration. Our Chief Technology Officer (“CTO”) also presents to the audit committee and to the board, as appropriate, any updates, changes, or improvements on the Company’s cybersecurity risk management program. Our CTO, with over 28 years of experience in IT and operational technology security, has the primary responsibility of overseeing our cybersecurity risk management program and assessing and managing any material risks related to cybersecurity threats. Our CTO supervises efforts to help prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal information systems personnel and reports produced by security tools deployed in the technical environment.

Company Information