Track Group, Inc. 10-K Cybersecurity GRC - 2024-12-23

Page last updated on December 24, 2024

Track Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-23 12:11:21 EST.

Filings

10-K filed on 2024-12-23

Track Group, Inc. filed a 10-K at 2024-12-23 12:11:21 EST
Accession Number: 0001437749-24-038259

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity At Track Group, Inc., we recognize the critical importance of maintaining the trust and confidence of our customers, partners, and employees. We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats (as such term is defined in Item 106(a) of Regulation S-K) as part of our broader risk management system and processes. The cybersecurity risk management system involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which we rely. We actively monitor the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats. We obtain input, as appropriate, for our cybersecurity risk management program on the security industry and threat trends from consultants, cybersecurity assessors, auditors and other third parties to gather certain insights designed to identify and assess material cybersecurity threat risks, their severity and potential mitigations. To protect the information that we gather and the availability of our information systems from cybersecurity threats, we have an ongoing cybersecurity risk mitigation program, which includes maintaining up-to-date detection, prevention and monitoring systems. We define a cybersecurity threat as any potential unauthorized occurrence on or conducted through our information systems or information systems of a third party that we utilize in our business that may result in adverse effects on the confidentiality, integrity or availability of our information systems or any information residing therein. We depend on and engage various third parties, including suppliers, vendors, and service providers. Our risk management, legal, information technology, and compliance personnel identify and oversee risks from cybersecurity threats associated with our use of such entities. Any incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment and then reported to the Board of Directors. We comply with the AICPA Trust Services Criteria for Security and have based our Information Security Management System on the ISO 27001 standard. Track Group’s Chief Information Security Officer, Tim Hardy, has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and report any findings and recommendations, as appropriate, to the full Board of Directors for consideration. Senior management regularly discusses cyber risks and trends and, should they arise, any material incidents with the Board of Directors. -17- Table of Contents Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. Further, a cyber incident impacting our systems or a third-party’s systems could subject us to business, regulatory, litigation and reputational risk, which could have a negative effect on our business, results of operations and financial condition. For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report.

Company Information