SPS COMMERCE INC 10-K Cybersecurity GRC - 2024-02-20

Page last updated on April 11, 2024

SPS COMMERCE INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-20 19:07:06 EST.

Filings

10-K filed on 2024-02-20

SPS COMMERCE INC filed an 10-K at 2024-02-20 19:07:06 EST
Accession Number: 0001092699-24-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have an established security program and framework based on ISO/IEC 27001 ( Security Program ) and maintain ISO/IEC 27001:2013, SOC 1 Type 2, and SOC 2 Type 2 certifications. The Security Program has been established to allow management oversight of cybersecurity risks, institute directives and principles for information security, ensure alignment to regulatory and contractual cybersecurity obligations, and enable timely incident response and remediation. Our information and security team, led by our Chief Information Security Officer ( CISO ), have implemented and continue to maintain various technical, physical, and administrative processes, policies, and standards as the foundation of our Security Program, which are designed to help us manage and mitigate risks from cybersecurity threats, including, but not limited to, incident detection and response plans, vulnerability management processes, risk assessments, disaster recovery and business continuity plans, access controls, asset management, logging and monitoring, security awareness training, and third-party risk management programs. Our CISO and information security team actively monitor and evaluate our networks, systems, data, and security risk profile to identify and assess cybersecurity risks. The information security team uses a variety of methods to identify and assess these risks, including, conducting networks scans, using manual and automated tools, conducting vulnerability and maturity assessments, and subscribing to services and reports providing threat intelligence. In addition, we use a variety of third-party service providers to support and execute on our Security Program. These third parties provide cybersecurity consulting services, cybersecurity software, penetration testing, audits, and other professional services to aid us in identifying, assessing, and managing risks from cybersecurity threats. Our Security Program is managed by our Executive Security Steering Committee (“ESSC”), comprised of selected members of leadership, including our CISO, which assesses and manages any material risks from cybersecurity threats. The CISO and security team provide regular updates to the ESSC on our Security Program and, in accordance with our security incident response plan, escalate applicable cybersecurity threats or incidents to the ESSC for review and management. SPS COMMERCE, INC. 23 Form 10-K for the Annual Period ended December 31, 2023 Table of Contents Our Audit Committee of our board of directors oversees our risk management processes related to cybersecurity risks and is regularly informed of such risks through presentations or reports from our CISO. In addition, our security incident response plan includes reporting certain cybersecurity incidents to our Audit Committee. Finally, our board of directors reviews cybersecurity risks on an annual basis, including discussing with management and members of the ESSC our strategy surrounding prevention, detection, mitigation, and remediation of potential security threats. While we have experienced cybersecurity incidents and expect to continue to be subject to such incidents, to date, we have not experienced any cybersecurity incidents that have materially affected our business, financial condition, or results of operations. However, we are subject to ongoing risks from cybersecurity threats that could materially affect us, including our business, financial condition, or results of operations, as further described in Part I, Item 1A, “Risk Factors” of this Annual Report on Form 10-K.

Company Information