Page last updated on March 20, 2025
CREDITRISKMONITOR COM INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-20 14:00:57 EDT.
Company Summary
CreditRiskMonitor is a publishing company specializing in business credit analysis, scores, and news.
Filings
10-K filed on 2025-03-20
CREDITRISKMONITOR COM INC filed a 10-K at 2025-03-20 14:00:57 EDT
Accession Number: 0001140361-25-009647
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity
ITEM 1C. CYBERSECURITY Risk Management and Strategy The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These cybersecurity processes are integrated into the Company’s overall compliance, risk management, and oversight procedures as overseen by the Company’s Board of Directors, primarily through its Audit Committee. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. The Company’s process allows us to assess, identify and manage information security and cybersecurity threats through risk assessment and prevention measures to facilitate communication, training, awareness, incident response, and disclosure procedures as required by the SEC. The Company may review System and Organization Controls 1 (“SOC1”) or System and Organization Controls 2 (“SOC2”) reports of certain third-party providers before engagement and has established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. The Company engaged a third-party consulting firm to evaluate and test the Company’s risk management systems and to assess and prevent potential cybersecurity incidents as appropriate on an annual basis. The Company has engaged a third party to provide cybersecurity and awareness training to our employees to help mitigate the risk of threats posed by bad actors requesting information. The Company deploys technical safeguards that are designed to protect information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, redundant data storage and retention methods, anti-malware functionality, security information event management, automated update/patch-management and access controls which are evaluated and improved through vulnerability and exposure assessments and cybersecurity threat intelligence. With the help of our third-party vendors, the Company has implemented several layers of physical security, digital security, and data backup. On July 19, 2024, CreditRiskMonitor.com detected unauthorized occurrences within its computer network. Upon detection, the Company immediately activated its incident response plan and took steps to contain, assess and remediate the incident. The incident did not have a material impact on the Company, including its business strategy, results of operations, or financial condition. Governance Board of Directors – The Audit Committee of the Company’s Board of Directors, with the input of management, oversees the Company’s internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee and the full Board of Directors are informed of material risks from cybersecurity threats by the Company’s Chief Executive Officer, Chief Financial Officer, or Chief Technology Officer. Management – Under the oversight of the Audit Committee of the Company’s Board of Directors, the Chief Technology Officer, with over 20 years of experience in this field, is primarily responsible for the assessment and management of material cybersecurity risks and establishing and maintaining adequate and effective internal controls covering cybersecurity matters. The Company’s Chief Financial Officer and Chief Technology Officer are responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. See “Item 1. Risks Related to Information Systems Security - As the threat landscape is everchanging, the Company must make continuous mitigation efforts, including risk-prioritized controls to protect against known and emerging threats; tools to provide automated monitoring and alerting; frequent employee training; and backup and recovery systems to restore systems and return to normal operations . However, there can be no assurance that the Company’s ability to monitor or mitigate cybersecurity risks will be fully effective, and the Company may fail to identify cybersecurity breaches or discover them in a timely way.” 14 Index
Company Information
| Name | CREDITRISKMONITOR COM INC |
| CIK | 0000315958 |
| SIC Description | Services-Consumer Credit Reporting, Collection Agencies |
| Ticker | CRMZ - OTC |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | December 30 |