Research Solutions, Inc. 10-K Cybersecurity GRC - 2024-09-20

Page last updated on September 20, 2024

Research Solutions, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-20 16:00:38 EDT.

Filings

10-K filed on 2024-09-20

Research Solutions, Inc. filed a 10-K at 2024-09-20 16:00:38 EDT
Accession Number: 0001558370-24-012920


Item 1C. Cybersecurity.

As required by Item 106 of Regulation S-K, the following sets forth certain information regarding our cybersecurity strategy, risk management and governance. We are committed to protecting the confidentiality and integrity of our data, as well as the data of our customers. The mission of our cybersecurity program is to protect the assets used to generate revenue and serve customers while complying with industry frameworks and best practices.

Our cybersecurity program consists of cyber defense, governance and compliance, and risk management. Each area has tools, controls, and processes aligned with the National Institute of Standards and Technology Cyber Security Framework. Managing cybersecurity risk and maintaining secure, reliable, and functional systems are among our highest priorities. Therefore, we have implemented tools, procedures, processes, and management mechanisms to help us achieve a robust cybersecurity environment, and a reliable cybersecurity posture.

We maintain an information security program comprised of policies and controls designed to reduce our cybersecurity attack surface and to mitigate cybersecurity risk. However, at any given time, we face known and unknown cybersecurity risks and threats that are not fully mitigated, and we discover vulnerabilities in our program. We continuously work to enhance our information security program and risk management efforts.

Risk Management and Strategy

Our cyber defense practices prioritize protection against cyber threats. We have operationalized tools and processes designed to educate, assess, identify, address, and manage risks from cybersecurity threats that may result in material adverse effects on the confidentiality, integrity and availability of our business and information systems.

We routinely perform cybersecurity assessments, including with the assistance of external third parties, to identify, assess, and prioritize potential risks that could affect our information and data assets and infrastructure. Once identified, the mitigation of these risks is given our highest priority. In addition, we use a threat intelligence platform to routinely monitor risks specific to both our organization and third parties. Risks we identify are assessed based on severity and are addressed as appropriate through both tactical and strategic plans.

Our governance and compliance practice focuses on cybersecurity and data privacy policy taxonomy and policy compliance.

We have implemented a number of measures to enhance the security and resiliency of our information and data systems. These measures include, but are not limited to: (i) user access control management; (ii) intrusion detection and prevention systems; (iii) information security continuity measures, including redundant systems and information backups; (iv) system segmentation; (v) encryption of critical information and data; (vi) event logging; (vii) implementation of an application patching and update cadence; and (viii) incident response planning and least privilege access methodology.

Cybersecurity Governance

Our Board of Directors delegates to the Audit Committee the oversight of our programs, policies, and procedures related to cybersecurity, information asset security, and data privacy and protection. Broad oversight is maintained by our full Board, which receives a report from the Audit Committee at least annually. Our CTO oversees our cybersecurity matters and reports to both the Audit Committee and the Board at least once a year, or more frequently as needed.

The Audit Committee reviews and discusses with Company management key processes and risk indicators, progress on plans to address key risks, and any material changes in threat landscapes or risk posture which could negatively affect our business.

Training and Awareness

Our Company’s employees are a critical part of our defense against potential cybersecurity incident exposure. All of our associates and contractors have a responsibility and a role to play by complying with our cybersecurity operational practices and reporting any potential cybersecurity incidents or exposures to our cybersecurity team. To ensure that associates can play their part in protecting our networks and data from cybersecurity incident exposure, all of our associates receive cybersecurity training in the form of online modules on an annual basis, routine simulations to assess risk, and retraining where necessary.

Material Cybersecurity Risks, Threats & Incidents

We are not aware of any cyber event that has had a material effect on our business. However, we cannot ensure that we will not experience any such event in the future. Any security breach or other significant disruption involving our computer networks and related systems could cause substantial costs and other negative effects, including litigation, remediation costs, costs to deploy additional protection strategies, compromising of confidential information, and reputational damage adversely affecting investor confidence. In addition, a penetration of our systems or a third-party’s systems or other misappropriation or misuse of personal information could subject us to business, regulatory, litigation and reputation risk, which could have a negative effect on our business, results of operations and financial condition. See Item 1A. Risk Factors for further details on risks related to potential breaches of our information technology systems.


Company Information

Name: Research Solutions, Inc.
CIK: 0001386301
SIC Description: Services-Business Services, NEC
Ticker: RSSS - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: June 29