BRIDGFORD FOODS CORP 10-K Cybersecurity GRC - 2025-01-29

Page last updated on January 29, 2025

BRIDGFORD FOODS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-29 17:29:12 EST.

Filings

10-K filed on 2025-01-29

BRIDGFORD FOODS CORP filed a 10-K at 2025-01-29 17:29:12 EST
Accession Number: 0001493152-25-004182

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We maintain an information security and cybersecurity program, as well as a cybersecurity governance framework, which are designed to protect our information systems against operational risks related to cybersecurity. Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats which include, among other things, operational risks, intellectual property theft, fraud or extortion, harm to employees or customers, violation of privacy or security laws and related litigation and legal risk, and reputational risks. We have developed and implemented a cybersecurity risk management program overseen by our Audit Committee intended to protect the confidentiality, integrity, and availability of our critical systems and information, and detect and contain any cybersecurity incidents that impact us. The program is integrated into our overall risk management systems and processes, and includes a cybersecurity risk assessment process that routinely evaluates potential impacts of cybersecurity risks on our business, including risks from cybersecurity threats associated with our use of third-party service providers. These assessments inform our cybersecurity risk mitigation strategies. The results are regularly shared with our information technology committee comprised of our Vice President of Information Technology, our Information Technology Manager, our President and our Chief Financial Officer (the “IT Steering Committee”) and the Audit Committee of our Board as part of the committees’ involvement in managing and overseeing cybersecurity risks. Our cybersecurity risk management program also includes processes to triage, assess the severity of, escalate, contain, investigate, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. If a cybersecurity incident is determined to be a potentially material cybersecurity incident, our disclosure controls and procedures define the steps to determine materiality and disclose such a material cybersecurity incident. In addition, we engage an independent third-party provider in connection with our cybersecurity risk management program to monitor cybersecurity threats and provide certain security measures. We regularly engage with this provider to aid in the identification and remediation of potential threats. This provider has qualifications that include Microsoft Certified: Security, Compliance, and Identity Fundamentals, Certified Information Systems Security Professional (CISSP), Certified Hacking Forensic Investigator, Certified Ethical Hacker (CEH) and Security+. While we believe that our business strategy, results of operations or financial condition have not been materially adversely affected by any cybersecurity incidents, cybersecurity threats are pervasive and, similar to other institutions, we, as well as our employees, customers, regulators, service providers, and other third parties have experienced a significant increase in information security and cybersecurity risk in recent years and will likely continue to be the potential target of cyber attacks. We continue to assess the risks and changes in the cyber environment and invest in enhancements to our cybersecurity capabilities as deemed necessary to promote advancements in our cybersecurity capabilities. 9 Cybersecurity Governance Our cybersecurity risk management program is overseen by the Audit Committee and led by the IT Steering Committee. Our Audit Committee is responsible in overseeing risks from cybersecurity threats, and has the authority to regularly review the adequacy of our cybersecurity, information and technology security, and data privacy programs, procedures, and policies. Our IT Steering Committee, led by the Vice President of Information Technology, is primarily responsible for monitoring, assessing, and managing material risks from cybersecurity threats. The Audit Committee regularly receives updates from the IT Steering Committee / management with respect to our efforts to manage data protection, cybersecurity, and information and technology risks, and assesses the results of reviews from internal audits. Materials presented to our Audit Committee by our IT Steering Committee include updates on our data security posture, results from internal audit and third-party assessments, our incident response plan, and certain cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to such risks. The Audit Committee / IT Steering Committee also regularly engages with management on technology risk-related topics. Our processes also allow for our Board and the Audit Committee to be informed of key cybersecurity risks outside the regular reporting schedule. While the Audit Committee meets periodically, the Audit Committee is authorized to meet with management or individual directors at any time it deems appropriate to discuss matters relevant to the committee. Our policy is for the Board and the Audit Committee to receive prompt and timely information regarding any cybersecurity risk (including any incident) that meets reporting thresholds, as well as ongoing updates regarding any such risk.

Company Information