INSEEGO CORP. 10-K Cybersecurity GRC - 2024-02-21

Page last updated on April 11, 2024

INSEEGO CORP. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-21 20:11:03 EST.

Filings

10-K filed on 2024-02-21

INSEEGO CORP. filed an 10-K at 2024-02-21 20:11:03 EST
Accession Number: 0001022652-24-000001

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the critical importance of maintaining the safety and security of our technology systems and data and have a holistic process for overseeing and managing cybersecurity and information technology related risks. This process is supported by both management and our Board. The Audit Committee (the Audit Committee ) of our Board has oversight of the Company s risk management program, and cybersecurity is a component of our overall approach to risk management. Our cybersecurity policies, standards, processes, and practices are integrated across our operational risk management programs and are based on recognized frameworks. A cybersecurity threat is any potential unauthorized occurrence, on or conducted through, our information systems that may result in adverse effects on the confidentiality, integrity or availability of our information systems or any information residing therein. Cybersecurity risk management and strategy 30 As one of the critical elements of our overall risk management program, our cybersecurity program is focused on the following key areas: Technical Safeguards: We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are regularly evaluated and improved through vulnerability assessments and cybersecurity threat intelligence. Incident Response & Recovery Planning: We have established and maintain incident response and recovery plans that address our response procedures in the event of a multitude of various cybersecurity incidents. We leverage a Managed Detection and Response service which further helps support our internal security team to identify real time threats across our landscape. Risk Management: We maintain a preemptive and comprehensive risk-based approach to identifying and overseeing potential cybersecurity risks across our entire technology stack. The approach aligns to industry standards such as ISO 27005 (Information Security Risk Management). This approach also includes third-party risk management issues presented by third parties, including our vendors, service providers and other external users of our systems. We conduct cybersecurity assessments of third-party vendors that we engage with in our operations to identify and evaluate potential vulnerabilities, including on-site visits for evaluation of certain core operational third-party vendors. In addition, our agreements with material vendors include indemnification provisions with respect to cybersecurity matters. Outside Consultants: In addition to the broad capabilities of our internal information security team, we also engage various outside consultants, including contractors, auditors, and other third parties, to among other things , conduct regular testing of our networks and systems to identify vulnerabilities through penetration testing, while also measuring and advise on potential improvements to our incident prevention, response, and documentation procedures. Team Member Education & Awareness: We provide training to new team members, as well as frequent, mandatory training for all team members regarding cybersecurity threats to equip our team members with effective tools to identify and prevent cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices. Governance & Personnel Our Board has delegated to the Audit Committee the responsibility for monitoring and overseeing our cybersecurity and other information technology risks, controls, strategies and procedures. The Audit Committee periodically evaluates our information security strategies to ensure effectiveness and, if appropriate, may also include a review from third-party consultants and experts. Senior management updates the Board and Audit Committee on matters regarding information security policies and procedures and cybersecurity risk management strategy. In addition, the full Board may review and assess cybersecurity risks as part of its responsibilities for our risk management oversight. In addition, we have an IT Security Committee comprised of our top executives from across the Company, including our Chief Executive Officer, Chief Financial Officer, General Counsel, our Director of Information Security and Privacy. The IT Security Committee meets quarterly to discuss and address management of the risks facing our business. Technological risk is a regular component analyzed by our IT Security Committee to identify and assess potential cybersecurity risks across our business operations. Our information security team is led by our Director of Information Security and Privacy, who has decades of experience in information technology and cybersecurity. Furthermore, our Director of Information Security and Privacy holds a number of certifications, including CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional). The information security team conducts periodic assessment and testing of our policies, standards, processes, and practices that are designed to address a multitude of potential cybersecurity threats and incidents. These efforts include a wide range of activities, including penetration testing, adoption and regular evaluation of incident response plans and procedures, regular team member email phishing test campaigns, email security monitoring, real-time vulnerability scanning and intrusion detection, team member cybersecurity awareness programming, regular audits & evaluations of internal and third-party systems, and continuous improvement of the information security management system. Impact of cybersecurity risks on business strategy, results of operations or financial condition As of the date of this Form 10-K, there have been no cybersecurity incidents that have materially affected, or are likely to materially affect the Company s business strategy, results of operations or financial condition. 31

Company Information