INSEEGO CORP. 10-K Cybersecurity GRC - 2025-02-19

Page last updated on February 20, 2025

INSEEGO CORP. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-19 19:43:23 EST.

Filings

10-K filed on 2025-02-19

INSEEGO CORP. filed a 10-K at 2025-02-19 19:43:23 EST
Accession Number: 0001022652-25-000005

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the critical importance of maintaining the safety and security of our technology systems and data and have a holistic process for overseeing and managing cybersecurity and information technology related risks. This process is supported by both management and our Board. The Audit Committee (the “Audit Committee”) of our Board has oversight of the Company’s risk management program, and cybersecurity is a component of our overall approach to risk management. Our cybersecurity policies, standards, processes, and practices are integrated across our operational risk management programs and are based on recognized frameworks. A cybersecurity threat is any potential unauthorized occurrence, on or conducted through, our information systems that may result in material adverse effects on the confidentiality, integrity or availability of our information systems or any information residing therein. 27 We are committed to protecting the security and integrity of our systems, networks, databases and applications and, as a result, have dedicated resources and implemented processes designed to prevent, assess, identify, and manage material risks associated with cybersecurity threats. Cybersecurity risk management and strategy As one of the critical elements of our overall risk management program, our cybersecurity program is focused on the following key areas: - Technical Safeguards: We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, Security information and event management, Managed detection and response and access controls, which are regularly evaluated and improved through vulnerability assessments and cybersecurity threat intelligence. - Incident Response & Recovery Planning: We have established and maintain incident response and recovery plans that address our response procedures in the event of a multitude of various cybersecurity incidents. We leverage a Managed Detection and Response service which further helps support our internal security team to identify real time threats across our landscape. - Risk Management: We maintain a preemptive and comprehensive risk-based approach to identifying and overseeing potential cybersecurity risks across our entire technology stack. Our cybersecurity program is built upon internationally recognized frameworks, such as ISO 27001, and maps to standards published by The National Institute of Standards and Technology. This approach also includes third-party risk management issues presented by third parties, including our vendors, service providers and other external users of our systems. We conduct cybersecurity assessments of third-party vendors that we engage with in our operations to identify and evaluate potential vulnerabilities. We also evaluate certain core operational capabilities of our third-party vendors. In addition, our agreements with material vendors include indemnification provisions with respect to cybersecurity matters. - Outside Consultants : In addition to the broad capabilities of our internal information security team, we also engage various outside consultants, including contractors, auditors, and other third parties, to among other things , conduct regular testing of our networks and systems to identify vulnerabilities through penetration testing, while also measuring and advise on potential improvements to our incident prevention, response, and documentation procedures. - Team Member Education & Awareness: We provide training to new team members, as well as frequent, mandatory training for all team members regarding cybersecurity threats to equip our team members with effective tools to identify and prevent cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices. Governance & Personnel Our Board has delegated to the Audit Committee the responsibility for monitoring and overseeing our cybersecurity and other information technology risks, controls, strategies and procedures. The Audit Committee periodically evaluates our information security strategies to ensure effectiveness and, if appropriate, may also include a review from third-party consultants and experts. Senior management updates the Board and Audit Committee on matters regarding information security policies and procedures and cybersecurity risk management strategy. In addition, the full Board may review and assess cybersecurity risks as part of its responsibilities for our risk management oversight. In addition, we have an IT Security Committee comprised of our top executives from across the Company, including our Chief Executive Officer, Chief Financial Officer, General Counsel, and our VP of Information Technology and Security. The IT Security Committee meets quarterly to discuss and address management of the risks facing our business. Technological risk is a regular component analyzed by our IT Security Committee to identify and assess potential cybersecurity risks across our business operations. Our information security team is led by our VP of Information Technology and Security , who has decades of experience in information technology and cybersecurity. Furthermore, our VP of Information Technology and Security holds several certifications, including CISSP (Certified Information Systems Security Professional), ACCISO (Associate Certified Chief Information Security Officer) and CISM (Certified Information Security Manager). The information security team conducts periodic assessment and testing of our policies, standards, processes, and practices that are designed to address a multitude of potential cybersecurity threats and incidents. These efforts include a wide range of activities, including penetration testing, adoption and regular evaluation of incident response plans and procedures, regular team member email phishing test campaigns, email security monitoring, real-time vulnerability scanning and intrusion detection, team member cybersecurity awareness programming, regular audits & evaluations of internal and third-party systems, and continuous improvement of the information security management system. 28 Impact of cybersecurity risks on business strategy, results of operations or financial condition As of the date of this Form 10-K, there have been no cybersecurity incidents that have materially affected, or are likely to materially affect the Company’s business strategy, results of operations or financial condition.

Company Information