KURA SUSHI USA, INC. 10-K Cybersecurity GRC - 2024-11-08

Page last updated on November 8, 2024

KURA SUSHI USA, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-08 16:11:37 EST.

Filings

10-K filed on 2024-11-08

KURA SUSHI USA, INC. filed a 10-K at 2024-11-08 16:11:37 EST
Accession Number: 0000950170-24-124091

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurit y Risk Management and Strategy Our cybersecurity program is designed to monitor and control cybersecurity risk exposure, response, mitigation and protect the confidentiality and integrity of our critical systems and information. Our cybersecurity policies and processes are fully integrated into the Company’s Enterprise Risk Management program. Our cybersecurity program is based on industry recognized best practices, including the ISO 27001 Information Security, Cybersecurity and Privacy protection international best practice standard. Our cybersecurity risk management program includes: 34 - Ongoing risk assessments to help identify material cybersecurity risks to our critical systems and information by performing regular scans of our environment, assessing incident trends and engaging third parties to assess the effectiveness of our cybersecurity practices; - The use of external service providers, where appropriate, to monitor, identify, assess, test and remediate, or otherwise assist with aspects of our security controls; - Mandatory cybersecurity awareness training for employees and simulated phishing attacks; - A disaster recovery and business-continuity plan and controls designed to protect against business interruption, including the backing up of our critical systems; - A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents, internal reporting to management and the board of directors; - Cybersecurity insurance which is assessed annually; and - Risk management process for service providers, suppliers, and vendors. Cybersecurity risks are monitored on an ongoing basis, and the security program and practices are adjusted as necessary. We are not currently aware of risks from known cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Cybersecurity Governance Our board of directors considers cybersecurity risk as part of its risk oversight function and oversees management’s implementation of our cybersecurity risk management program, including the steps taken to monitor, minimize or control such risks or exposures. The board of directors receives quarterly reports from management regarding the status of the cybersecurity program, current activities and planned projects. In addition, management will update the board of directors, as necessary, regarding any significant cybersecurity incidents that we may experience. Our management team is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity consultants. Our management team’s cybersecurity risk management is led by our Vice President of IT, who has over 20 years of experience in both restaurant and technology sectors and has held technology leadership roles at major national restaurant companies. Additional information on cybersecurity risks is discussed in Part I, Item 1A, “Risk Factors,” under the heading “We rely significantly on information technology and cybersecurity, and any material failure, weakness, interruption or breach of security could prevent us from effectively operating our business.”

Company Information