Page last updated on November 26, 2024
Cerence Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-25 17:19:36 EST.
Filings
10-K filed on 2024-11-25
Cerence Inc. filed a 10-K at 2024-11-25 17:19:36 EST
Accession Number: 0000950170-24-130642
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity. Cyber Risk Management and Strategy We recognize the importance of assessing, identifying, and managing risks from cybersecurity threats. We have implemented a cybersecurity risk management program in accordance with our risk profile, which is informed by, and incorporates, elements of recognized industry standards. We leverage the support of third-party information technology and security providers, including for cybersecurity audits and risk assessments. We implement technical controls, such as multi-factor authentication and we deploy cybersecurity tools through a leading third-party cybersecurity firm to protect our systems from cybersecurity related risks. We have an enterprise risk management program and we maintain written information security policies, including an incident response plan, which is designed to establish our processes for identifying, responding to, and recovering from cybersecurity incidents. We test this incident response plan on an annual basis. Finally, we have implemented a process to assess and review the cybersecurity practices of certain third-party vendors and service providers, including through the use of vendor security questionnaires. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents that could affect our information or systems. For more information, please see Item 1A - Risk Factors. Governance Related to Cybersecurity Risks Our cybersecurity risk management program is managed by our Information Security Management Committee. Led by our Chief Information Security Officer (“CISO”), the Information Security Management Committee is made up of cross-functional members of company management and works closely with our third-party information technology and security providers to develop and implement our cybersecurity strategy. Our CISO is responsible for the day-to-day oversight of the assessment and management of cybersecurity risks. The individual who is currently in this role has over 20 years of experience in information security. Our audit committee has oversight over cybersecurity risks. The audit committee reviews the enterprise risk management program quarterly, which includes the cybersecurity risk management program and any identified cybersecurity risks. With the input of the Information Security Management Committee and our information technology providers, the CISO regularly reports to the audit committee on our cybersecurity risk management process, including updates related to security testing, assessments, cyber risk and related cyber strategy, as applicable. In addition, the CISO makes annual cybersecurity reports to our board of directors.
Company Information
| Name | Cerence Inc. |
| CIK | 0001768267 |
| SIC Description | Services-Prepackaged Software |
| Ticker | CRNC - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | September 29 |