MARIN SOFTWARE INC 10-K Cybersecurity GRC - 2024-02-23

Page last updated on April 11, 2024

MARIN SOFTWARE INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 09:03:17 EST.

Filings

10-K filed on 2024-02-23

MARIN SOFTWARE INC filed an 10-K at 2024-02-23 09:03:17 EST
Accession Number: 0000950170-24-019131

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We recognize the importance of maintaining the trust and confidence of our customers, business partners and employees and we believe that security of our information systems and data is important to our business. We focus on preserving the confidentiality, security and availability of the information that we collect and store and have designed and implemented processes to assess, identify and manage material risks from cybersecurity threats. Our information security policies, processes and practices are integrated into our overall risk management programs and processes as a public company. As part of our risk management programs, we have developed and implemented several technical and organizational measures to help protect the security of our information systems and data. These measures include physical access controls, logical access controls, and other measures. In terms of physical controls, we co-locate our servers and hosting equipment at a secure third-party data center in Las Vegas, Nevada, which enforces strict employee identification measures and restrictions on unauthorized personnel. In terms of logical and technical access controls, we have designed and implemented information security policies, system access policies, technical monitoring systems, and a variety of other policies and technical security measures. We require all employees to take training courses on an annual basis to review and better understand potential cybersecurity threats. We use third parties to conduct testing of our information systems on a periodic basis to test for potential vulnerabilities. We use a risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. For third parties that we rely upon for certain IT systems, we seek to use only reputable providers, to use the most recently reliable versions of such systems, and monitor and address alerts for potential vulnerabilities to any such systems. We engage in the periodic assessment and testing of policies, processes and practices that are designed to address cybersecurity threats and incidents. These efforts include audits, assessments and vulnerability testing focused on evaluating the effectiveness of our cybersecurity measures. We revise our policies or practices as appropriate based on the results of such assessments or testing. We do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected us, including our business strategy, results of operations or financial condition. We do not believe risks from cybersecurity threats are reasonably likely to materially affect us, but no assurances can be provided that, despite the implementation of security measures, our information systems and data, or those of our current and any future third parties on which we rely, will not be vulnerable to cybersecurity risks. Refer to Item 1A. Risk Factors If our security measures are breached or unauthorized access to customer data or our data is otherwise obtained, our solutions may be perceived as not being secure, customers may reduce the use or stop using our solutions and we may incur significant liabilities . The Audit Committee of our Board of Directors (the “Audit Committee”) is responsible for the oversight of risks from cybersecurity threats. Our management team, including our EVP Product and Technology, reviews and discusses a summary of our cybersecurity posture with the Audit Committee on a periodic basis. When covered during an Audit Committee meeting, the chairman of the Audit Committee reports on its discussion to the full Board of Directors. Our management team, including our Chief Executive Officer, EVP Product & Technology, Chief Financial Officer and General Counsel, work collaboratively to design, implement and review our cybersecurity policies and processes and to respond to any cybersecurity incidents in accordance with our plans. Among our management team, our App Ops and Engineering teams are most responsible for assessing and managing cybersecurity risks. These teams have several years of experience in the IT industry, including experience managing cybersecurity risks. Our CEO, EVP Product & Technology, CFO and General Counsel each have degrees in their respective fields and each have more than 20 years of business experience. Our teams use the technical systems that we have implemented to monitor for cybersecurity threats and they coordinate responses to any perceived risks or vulnerabilities with our senior management team. Through ongoing communications among these teams, our EVP Product & Technology and other key team leaders monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time, and, when appropriate, report risks, threats or incidents to our Audit Committee. 31 Table of Contents

Company Information