ARTS WAY MANUFACTURING CO INC 10-K Cybersecurity GRC - 2025-02-18

Page last updated on February 18, 2025

ARTS WAY MANUFACTURING CO INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-18 13:37:02 EST.

Filings

10-K filed on 2025-02-18

ARTS WAY MANUFACTURING CO INC filed a 10-K at 2025-02-18 13:37:02 EST
Accession Number: 0001437749-25-004172

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY. We have a multi-layered approach to assess, identify and manage material risks from cybersecurity threats. This approach includes a wide variety of mechanisms, controls, technologies, methods, systems, and other processes that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other cybersecurity incidents or vulnerabilities affecting the data. The data includes confidential, proprietary, and business and personal information that we collect, process, store, and transmit as part of our business, including on behalf of third parties. We also use systems and processes designed to reduce the impact of a cybersecurity incident at a third-party vendor or customer. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems, including technology and systems we use for encryption and authentication; employee email; content delivery to customers; back-office support; and other functions. As part of our risk management process, we conduct regular application security assessments to identify vulnerabilities within our IT infrastructure. These assessments include both automated scans and manual reviews by our cybersecurity team. Threat intelligence feeds and security reports are continuously monitored, with the goal of staying ahead of emerging threats. In the event of a cybersecurity incident, we maintain incident response plans that are utilized when incidents are detected. We require employees with access to information systems, including all corporate employees, to undertake data protection and cybersecurity training and compliance programs annually along with random internal phishing campaigns. We are led by our Director of IT, who is responsible for implementing and maintaining centralized cybersecurity and data protection practices in close coordination with our senior leadership team. We also engage assessors, consultants, or other third parties to assist with assessing, identifying, and managing cybersecurity risks. Our cybersecurity risks and associated mitigations are evaluated by senior leadership and routinely by our Board of Directors. Our Director of IT, who has extensive cybersecurity knowledge and skills gained from over 10 years of work experience in various information technology roles, heads the team responsible for implementing and maintaining cybersecurity and data protection practices and reports directly to the Chief Financial Officer. As of the date of this report, we have not encountered any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. Cybersecurity threats are continually evolving, and no assurances can be given that our risk management systems and processes will fully mitigate all cybersecurity threats and risks.

Company Information