Proficient Auto Logistics, Inc 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 31, 2025

Proficient Auto Logistics, Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 20:33:01 EDT.

Filings

10-K filed on 2025-03-28

Proficient Auto Logistics, Inc filed a 10-K at 2025-03-28 20:33:01 EDT
Accession Number: 0001013762-25-004352

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy. While no organization can eliminate cybersecurity risk, the Company employs a cybersecurity strategy that is designed to mitigate cybersecurity and information technology risk. The Company and its contracted providers have implemented practices consistent with the National Institute of Standards and Technology (NIST) methodology for security. These efforts are designed to protect against, and mitigate the effects of, among other things, cybersecurity incidents where unauthorized parties attempt to access confidential, sensitive, or personal information; potentially hold such information for ransom; destroy data; disrupt or delay our operations or systems; or otherwise cause harm to the Company, our customers, employees, vendors, or other key stakeholders. Managing Material Risks & Integrated Overall Risk Management Cybersecurity is part of the Company’s enterprise risk management scope. In addition, the Company has comprehensive monitoring and employee training, underscored by a set of policies and procedures that directly or indirectly relate to cybersecurity, such as policies related to encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of the internet, social media, email and wireless devices. Members of the Company’s management work closely with the IT department and its contracted providers to continuously evaluate and address cybersecurity risks and policies in alignment with the Company’s business objectives and operational needs. Use of Third Parties The Company engages cybersecurity consultants and service providers to assess and enhance its cybersecurity practices, and to monitor its infrastructure in real time for threats. These third parties conduct penetration testing and risk assessments to identify weaknesses and recommend improvements. Additionally, the Company leverages a number of third-party tools, training and technologies as part of its efforts to enhance cybersecurity functions. This includes a managed security service provider to augment the Company’s dedicated security operations team, an endpoint detection and response system for continuous monitoring, detection, and response capabilities, and a security information and event management solution to automate real-time threat detection, investigation, and prioritization. We also rely on technology integration with third party vendors to support and conduct our business and operations, which may include processing of confidential and other sensitive data. We require contractually and operationally that appropriate data security and cybersecurity practices are in place. Despite our efforts, it’s important to note that service providers are ultimately responsible to establish and uphold their respective cybersecurity programs. We have limited ability to monitor the cybersecurity practices of our service providers and there can be no assurance that we can prevent or mitigate the risk of any compromise or failure in the information systems, software, networks, or other assets owned or controlled by outside service providers, which could have an adverse effect on the security of our information systems. Monitoring and Response to Cybersecurity Incidents The Company’s IT security stakeholders regularly monitor alerts and meet to discuss threat levels, trends, and remediation. The team prepares a monthly report on cybersecurity threats and risk areas and conducts an annual risk assessment. This ongoing knowledge acquisition and continuing education is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. If a security event is alerted, upper management and the incident response team are notified and the steps identified in the Incident Response Plan, or IRP, are initiated. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. 25 Risks from Cybersecurity Threats The Company faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. For more information about the cybersecurity risks the company faces, see the risk factor entitled “Information technology risks, including the risk of cyberattacks, may disrupt our business, result in losses or limit our growth.” in Item 1A., Risk Factors. The Company has not encountered cybersecurity challenges that have materially impaired its operations or financial standing. Cybersecurity Governance The Board is acutely aware of the critical nature of managing risks associated with cybersecurity threats and recognizes the significance of these threats to the Company’s operational integrity and shareholder confidence. Risk Management Personnel The Company’s Chief Operating Officer and Director of IT are responsible for developing and implementing the Company’s information security program. Additionally, the Vice President of Safety and Risk Management leads the enterprise risk management (ERM) for the Company and guides the handling of all material risks, including cybersecurity. The Chief Operating Officer and VP of Safety and Risk Management have overseen risk management programs in multiple environments and the Director of IT has represented companies in IT integration, SaaS businesses, data, application and server security. Board of Directors Oversight The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including risk management and finance, equipping them to oversee this scope effectively. Management’s Role Managing Risk and Reporting to the Board The Chief Operating Officer has primary interface with the Audit Committee on cybersecurity risks, supported by management and its contracted experts. Briefings to the Audit Committee take place on a regular basis, with a minimum frequency of once per year to cover topics, including: ● Current cybersecurity landscape and emerging threats; ● Actions being taken by the Company to minimize or address such threats; ● Status of ongoing cybersecurity initiatives and strategies; ● Incident reports and learnings from any cybersecurity events, if any; and ● Compliance with regulatory requirements and industry standards. The Audit Committee will conduct an annual review of the Company’s cybersecurity posture and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts within the overall risk management framework.

Company Information