TOFUTTI BRANDS INC 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

TOFUTTI BRANDS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 06:12:50 EDT.

Filings

10-K filed on 2025-03-31

TOFUTTI BRANDS INC filed a 10-K at 2025-03-31 06:12:50 EDT
Accession Number: 0001641172-25-001426

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy Data integrity, privacy, availability, and security are critical to the corporate information technology, communication networks, accounting and financial reporting platforms, and related systems which are necessary for the operation of our business. These systems are used to manage our vendor relationships, for internal communications, for accounting and record-keeping functions, and for many other key aspects of our business including site security. Our business operations rely on the data privacy and security necessary to safeguard and protect secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data. We are continually assessing the need to implement and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data, including confidential information that is proprietary, strategic or competitive in nature. We engage a third-party provider to identify, assess, and manage cybersecurity threats and risks which is achieved through monitoring and evaluating our threat environment and our risk profile using various methods including the use of manual and automated tools, analysis of reports of threats and threat actors, scanning the threat environment, and evaluation of our industry’s risk profile. Various technical, physical, and organizational measures, processes, standards, and policies designed to manage and mitigate material risks from cybersecurity threats to our systems and data have been implemented and are maintained. These include risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, systems monitoring, employee training, and penetration testing. We engage certain third-party service providers to perform a variety of functions within our business and seek to ensure that we work with reliable, reputable service providers that maintain cybersecurity programs. Depending on the nature of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our vendor management process may include reviewing provider cybersecurity practices, conducting provider security assessments, and conducting periodic provider reassessments during their engagement. We are no t aware of any risks from cybersecurity threats or cybersecurity incidents which have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Governance Our board of directors is responsible for oversight of our strategy and risk management, including material risks related to cybersecurity threats. As a regular part of the Company’s Board of Director’s meetings, management reviews with the Board members our significant financial risk exposures and the measures implemented to monitor and control these risks, including those that may result from material cybersecurity threats. Our Chief Executive Officer leads our cybersecurity risk assessment and management processes and oversees their implementation and maintenance, including integration of cybersecurity risk considerations into our overall risk management strategy and communication of key priorities to relevant personnel . He is responsible for cybersecurity-related matters including approval of processes; review of assessments and other matters; evaluation of potential impact of incidents to determine materiality based on the nature and scope of the incident and any impact to operations, assets, or reputation; and response to incidents, including reporting certain incidents to the audit committee. Our board of directors receives updates from our Chief Executive Officer concerning any cybersecurity threats and risks considered to be significant and the processes we have implemented to address them.

Company Information