DLH Holdings Corp. 10-K Cybersecurity GRC - 2024-12-04

Page last updated on December 4, 2024

DLH Holdings Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-04 16:30:41 EST.

Filings

10-K filed on 2024-12-04

DLH Holdings Corp. filed a 10-K at 2024-12-04 16:30:41 EST
Accession Number: 0000785557-24-000067


Item 1C. Cybersecurity.

Risk Management and Strategy

As a leading provider of technology-enabled healthcare and public health services, medical logistics, and readiness enhancement services, we continuously monitor for and defend against cyber threats and advanced persistent threats both internally and for our clients. Our cybersecurity risk management program is an integral part of our overall enterprise risk management program, and is designed to assess, identify, manage and mitigate internal and external cybersecurity risks, threats and incidents.

As a public company and a government contractor, we are required to comply with extensive security and compliance regulations and standards and we employ technologies and have implemented programs and processes to continually assess, identify, and manage cybersecurity risks as we aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity risk management program is designed to align with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework and comply with extensive regulations, including U.S. government cybersecurity regulations. Our policies and implemented controls are assessed at least annually by external organizations for compliance with Federal Risk and Authorization Management (“FedRAMP”), Federal Information Security Modernization Act (“FISMA”), Cybersecurity Maturity Model Certification (“CMMC”), and International Organization for Standardization (“ISO”) 27001 standards.

We also conduct periodic penetration tests, threat simulations, and exercises to test the effectiveness of our cybersecurity defenses and controls, as well as our ability to respond to and recover from cybersecurity incidents. We undertake efforts to address and mitigate risks from vulnerabilities identified during such assessments, simulations, and exercises, including through employee cybersecurity training and ongoing investments in capabilities to protect our assets.

Governance and Management’s Responsibilities

Our cybersecurity risk management program is led by Executive and Senior management, who hold a number of certifications including Certified CMMC Professional (“CCP”), Certified Information Security Manager (“CISM”), and Project Management Professional (“PMP”). Management is responsible for our information security strategy, policies, security architecture and engineering, security operations, and cybersecurity threat detection and response. The team of senior management officers responsible for our cybersecurity function is tasked with ensuring that potential cybersecurity risks are monitored, appropriate mitigation measures are implemented, and our processes for identifying and assessing cybersecurity risks and reporting cybersecurity breaches and other information security incidents operate as designed and comply with applicable requirements.

Our Board and its committees oversee the Company’s risk management processes, including but not limited to those relevant to cybersecurity risks. Our Cybersecurity, Technology, and Biomedical Research (“CTBR”) Committee is chaired by an independent director who is certified in Cybersecurity Oversight. The CTBR Committee receives briefings on our cybersecurity posture and cybersecurity trends and risks from management. Our CTBR Committee regularly briefs our Board of Directors on security posture, planned activities, and cybersecurity risks which may cause a material, adverse impact to the Company’s operations, reputation, or value and will report any findings or make recommendations to the Board, as appropriate.

Cybersecurity Threats

To date, we have not identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business operations or financial condition. While we have taken significant steps to manage cybersecurity risks, there can be no assurance that these measures will prevent all potential incidents.

For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K.


Company Information

Name: DLH Holdings Corp.
CIK: 0000785557
SIC Description: Services-Help Supply Services
Ticker: DLHC - Nasdaq
Website:
Category: Accelerated filer, Smaller reporting company
Fiscal Year End: September 29