Bowlero Corp. 10-K Cybersecurity GRC - 2024-09-05

Page last updated on September 5, 2024

Bowlero Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-05 16:18:54 EDT.

Filings

10-K filed on 2024-09-05

Bowlero Corp. filed a 10-K at 2024-09-05 16:18:54 EDT
Accession Number: 0001628280-24-039546

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Bowlero Corp. developed, implemented, and maintains a cybersecurity program to identify, assess, and mitigate cybersecurity risks leveraging industry frameworks, including NIST CSF (Cyber Security Framework) and PCI DSS (Data Security Standards), which serves as a reference for the cybersecurity program. As part of its program, Bowlero maintains various safeguards to protect the confidentiality, integrity, and availability of data and information systems, including: - Third-party managed detection and response service to monitor for cybersecurity threats and provide incident response. Bowlero uses MDR (Managed Detection and Response) from a leading company for initial detection and incident response; - Layered controls to help detect, prevent, and mitigate cyber security threats to Bowlero systems and data, including various techniques such as firewall policies, DNS protection solutions, SIEM, and IPS; - Policies, standards, and procedures to establish Bowlero’s expectations and requirements for managing risks; - Cyber security training for employees and quarterly phishing testing; and - Monitoring of cyber security risks associated with third-party service providers using identity protection solutions, firewall solutions, Connectwise Control, and other methods. Bowlero also utilizes third party services from multiple cybersecurity experts on matters including internal and external vulnerability scanning and penetration testing, cybersecurity gap assessments, consulting on best practices, and addressing new challenges. The company uses information from these services to improve its cybersecurity policies, procedures, and tools. Cybersecurity-related risks are constantly monitored and evaluated for actions and prioritization based on the perceived risk to the company data and systems. There has been no known material impact from any cybersecurity incidents over the period covered by this annual report to the Company’s financial results or operations, nor do we believe any risks from cybersecurity threats are reasonably likely to materially affect the Company, its business strategy, results of operations or financial condition. For more information on our cybersecurity related risks, see section Risks Related to Information Technology and Cybersecurity within " Risk Factors “. Governance Our Audit Committee has primary oversight of the Company’s information security programs, including cybersecurity. Bowlero’s Information Technology Department regularly updates the Audit Committee on information security matters, and the Audit Committee periodically advises Bowlero’s full Board of Directors on information security and cybersecurity risks. These updates include a review of the appropriateness of our various procedures related to the security of our network and data, as well as the evaluation of new and existing technologies and their effectiveness in meeting our business objectives. The cybersecurity oversight within the IT department is led by the VP of IT Infrastructure and Senior Manager of Network and Security, who have over 30 years of IT experience between them. Information on currently implemented security products and controls and statistics on system counts for managed detection and response coverage are presented, along with compliance information.

Company Information