ARK RESTAURANTS CORP 10-K Cybersecurity GRC - 2024-12-19

Page last updated on December 19, 2024

ARK RESTAURANTS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-19 17:20:31 EST.

Filings

10-K filed on 2024-12-19

ARK RESTAURANTS CORP filed a 10-K at 2024-12-19 17:20:31 EST
Accession Number: 0000779544-24-000052

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C . Cybersecurity Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risks from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. Management, with the assistance of third party service providers, routinely assesses material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. We design and assess our program based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”). This does not imply that we meet any particular technical standards, specifications, or requirements, but that we use the NIST framework as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. 11 We conduct risk assessments at least annually to identify cybersecurity threats based on the NIST CSF. These risk assessments include identifying reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls and other safeguards we have put in place to manage such risks. Our risk management process also encompasses cybersecurity risks associated with the use of our major third-party vendors and service providers. Following these risk assessments, we design, implement, and maintain reasonable safeguards to minimize the identified risks; reasonably address any identified gaps in existing safeguards; update existing safeguards as necessary; and monitor the effectiveness of our safeguards. While cybersecurity threats have not materially affected our business strategy, results of operations or financial condition, future incidents may interrupt our operations and could materially adversely affect our business, results of operations and financial condition. Governance Our senior management, including our Chief Executive Officer (“CEO”), Chief Financial Officer (“CFO”) and Co-Chief Operating Officers, are responsible for identifying and assessing cybersecurity risks on an ongoing basis, establishing processes designed to provide reasonable assurance that such potential cybersecurity risk exposures are monitored, instituting appropriate mitigation and remediation measures, and maintaining cybersecurity programs. Our cybersecurity program is led by our CFO who has experience in cybersecurity risk management from both a practical and management standpoint and utilizes third-party consulting firms on a regular basis to assist with risk mitigation, incident response and overall maintenance of our cybersecurity program. The Board of Directors considers cybersecurity risk as part of its overall risk oversight function. The Board of Directors receives updates from the CFO regarding the Company’s cybersecurity risk management program at least annually. These include updates on the Company’s cybersecurity risks and threats, the status of projects to strengthen the information security systems, assessments of the information security program, and the emerging cybersecurity threat landscape.

Company Information