Good Times Restaurants Inc. 10-K Cybersecurity GRC - 2024-12-12

Page last updated on December 12, 2024

Good Times Restaurants Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-12 16:08:28 EST.

Filings

10-K filed on 2024-12-12

Good Times Restaurants Inc. filed a 10-K at 2024-12-12 16:08:28 EST
Accession Number: 0001214659-24-020434

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company recognizes the critical importance of maintaining the safety and security of our systems and data amidst an ever-evolving landscape of cybersecurity threats and has adopted a process for overseeing and managing cybersecurity and related risks. Our approach to cybersecurity encompasses a wide range of strategies, practices, and technologies designed to safeguard our systems and data. This process involves continuous monitoring, risk assessment, implementation of advanced security measures, and regular updates to our protocols to address emerging threats. As of the date of this report, we are not aware of any cybersecurity incidents that have had a material effect on our operations, business, results of operations, or financial condition. Cybersecurity Risk Management and Strategy As part of the Company’s overall risk management strategy, the Company has instituted a cybersecurity risk management program and a set of procedures to protect, identify, detect, respond to, and manage reasonably foreseeable cybersecurity risks and threats. A variety of security tools are utilized to prevent, identify, investigate, address, and recover from identified vulnerabilities and security incidents. We employ security technologies, including firewalls, encryption, intrusion detection systems, and multi-factor authentication. In addition, we purchase cybersecurity insurance through a reputable carrier, which includes access to a breach coach and a preferred panel of experienced, qualified vendors to respond to an actual attack. There can be no assurances that our cybersecurity risk management program, including policies, controls, or procedures will be effective in preventing successful attacks on our information technology infrastructure or digital assets, or that the limits of our cybersecurity policy will be sufficient to cover losses which could be incurred in a successful attack. Personnel and Third-Party Engageme nt Our Information Technology department is led by the Director of Technology who has more than twenty years of experience in technology management and cybersecurity, conducts regular risk assessments and continuously monitors our networks and systems. The Company engages third party risk security vendors to identify, mitigate, and remediate cybersecurity risks. A third-party vendor is utilized to perform quarterly scans of all our network endpoints. Any issues identified by the scans are remediated. Annual penetration tests are conducted, which simulate real-world threats, including social engineering threats, to the Company’s network and other digital assets. These tests include comprehensive “Dark Web” searches of all domain user emails. We require the annual submission of SOC 1 security certificates from third party vendors that provide systems underlying our financial reporting infrastructure or with access to our financial and sales data. Governance The Director’s presentation at the Company’s monthly senior leadership meeting, led by the CEO, includes the results of the most recent scans and routine testing. Should a cybersecurity incident occur, the Director would immediately report it to the CEO, who would report any material cybersecurity breach promptly to the Company’s Board of Directors. The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Audit Committee has the primary responsibility to oversee effective governance in managing risks associated with cybersecurity threats. At each quarterly Audit Committee meeting, Management presents a cybersecurity update, which includes results of testing by third-party vendors and any suspected cybersecurity incidents.

Company Information