Spok Holdings, Inc 10-K Cybersecurity GRC - 2024-02-22

Page last updated on April 11, 2024

Spok Holdings, Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 16:02:55 EST.

Filings

10-K filed on 2024-02-22

Spok Holdings, Inc filed an 10-K at 2024-02-22 16:02:55 EST
Accession Number: 0001289945-24-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Spok’s enterprise risk management program includes our cybersecurity risk management program (“Cybersecurity Program”), which is designed to protect the confidentiality, integrity and availability of our critical systems and information. Our Cybersecurity Program is designed utilizing guidance from the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and includes security policies and procedures, security appliances and software, third-party vulnerability testing, business continuity plans, and other administrative, physical and technical measures. Executive management, including Chief Information Officer (CIO)/Chief Information Security Officer (CISO) and VP Technology Operations, has overall responsibility for assessing and managing key cybersecurity risks; implementation of the Cybersecurity Program is led by key information technology and security management members, including the CIO/CISO who have over a combined four decades of experience, specialized training, and various certifications in information technology and cybersecurity strategy, tools and governance. As part of the enterprise risk management program, our Cybersecurity Program shares similar methodologies, reporting channels and governance processes to other areas across the Company. The Cybersecurity Program includes, but is not limited to, the following processes that collectively help management to stay informed about and monitor the prevention, detection, mitigation and remediation of risks and incidents: 25 Table of Contents Risk assessment program to assess, track and address security risks. Incident Response Plan to identify, evaluate, remediate and report incidents, as appropriate. Security testing by external third-party providers to identify potential threats and vulnerabilities. Reviews of critical third-party connections, including a security assessment and restrictions based on the third-party’s risk profile. Security training for employees and contractors, including alerts for new security developments, as warranted. Cybersecurity is part of our Board of Directors’ oversight function. Our Board of Directors has delegated oversight of cybersecurity and other information technology to its Audit Committee. Our Audit Committee receives regular reporting from executive management on our cybersecurity risks and, as necessary, updates on cybersecurity incidents. Our Audit Committee and executive management report to our Board of Directors regarding its activities, including the Cybersecurity Program. Our Board of Directors also receives continuing education on the cybersecurity risks that impact public companies. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Item 1A. Risk Factors Cyberattacks, data breaches or other compromises to our or our critical third parties’ systems, data, products or services could have a material adverse effect on our business.

Company Information