JANEL CORP 10-K Cybersecurity GRC - 2024-12-06

Page last updated on December 9, 2024

JANEL CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-06 17:00:56 EST.

Filings

10-K filed on 2024-12-06

JANEL CORP filed a 10-K at 2024-12-06 17:00:56 EST
Accession Number: 0001140361-24-048684

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy The Company maintains a comprehensive risk management program designed to assess, identify, and manage material risks facing the Company, including material risks associated with cybersecurity risks and vulnerabilities. Through this risk management program, the Company seeks to mitigate the potential impact of any cybersecurity incidents on the Company’s operations and financial condition. We have a comprehensive set of processes to monitor the prevention, detection, mitigation and remediation of cybersecurity incidents. These processes include: - Implementation of cybersecurity measures, such as firewalls, endpoint intrusion detection and response systems, and anti-virus/anti-malware software. - Employee training and awareness programs to educate all employees about cybersecurity threats, incident reporting and prevention measures. - Monitoring of network traffic and information technology systems for signs of potential threats. - Incident response plan to ensure swift, effective and accurate disclosure of cybersecurity incidents to the appropriate employees of the Company, as well as our Board of Directors, if applicable. We engaged a third-party expert in January 2021 for the development of our information technology (“IT”) risk management program, which included the development of a common framework for assessing and mitigating IT risks for the Company. The framework included a specific cybersecurity category to address measures to protect the Company from malware, ransomware and phishing, among others. The outcome was the creation of Company IT narratives and an IT risk control matrix. We regularly work with a third-party expert to test and update our risk mitigation controls. As of the date of this annual report, we are not aware of any cybersecurity incidents that have had, or are reasonably likely to have, a materially adverse effect on our operations, business, results of operations, or financial condition. As discussed more fully under “Item 1A-Risk Factors”, the sophistication of cyber threats continues to increase, and the preventative actions the Company takes to reduce the risk of cyber incidents and protect its systems and information may be insufficient. No matter how well designed or implemented the Company’s cybersecurity controls are, it will not be able to anticipate all security breaches, and it may not be able to implement effective preventive measures against cybersecurity breaches in a timely manner. See “Item 1A-Risk Factors-Security breaches or cybersecurity attacks may have a material adverse effect on Janel’s ability to operate, could result in personal information being misappropriated and may cause Janel to be held liable or suffer harm to its reputation” and “-Our inability to successfully recover should we experience a catastrophic event, disaster or other business continuity problem could cause material financial loss, loss of human capital, regulatory actions, reputational harm or legal liability.” Governance The Board of Directors maintains oversight of cybersecurity risk primarily through its Audit Committee. The Audit Committee receives regular updates from management on cybersecurity risks and incidents and the overall effectiveness of our cybersecurity programs. The Company’s cybersecurity program is led by the Company’s Chief Information Officer (the “CIO”), who has served in such role since October 2018. Our CIO has over 25 years of experience in the technology industry, which includes experience in data security and cybersecurity. Prior to joining the Company, our CIO ran a web tech consulting company serving small- and medium- sized businesses in healthcare and other industries. The Company conducts quarterly meetings of the IT and financial leadership of the Company’s segments, including the CIO, and information from those meetings is provided to the Company’s Audit Committee, which typically meets on a quarterly basis. At each Audit Committee meeting, the CIO and Chief Financial Officer provide an update to the Audit Committee on any relevant current and new IT risks and the general health of the IT risk management program, including cybersecurity risks. They also provide the Audit Committee with a quarterly written cybersecurity brief from IT leadership, including an incident reporting log, a review of emerging cybersecurity risks and developments, an assessment of the overall effectiveness of our cybersecurity programs and recommended updates to our cybersecurity risk assessment program. Management, along with our CIO, is responsible for developing the cybersecurity strategy and supervising our cybersecurity risk management program. Our IT team supports these efforts by managing day-to-day operations, including threat detection, incident response and system monitoring. Our cybersecurity incident reporting and escalation plan governs our assessment and response upon the occurrence of a material cybersecurity incident, including the process for informing senior Company management and our Audit Committee and/or Board of Directors, as applicable.

Company Information