Accel Entertainment, Inc. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

Accel Entertainment, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:41:49 EST.

Filings

10-K filed on 2024-02-28

Accel Entertainment, Inc. filed an 10-K at 2024-02-28 16:41:49 EST
Accession Number: 0001698991-24-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Our Board recognizes the critical importance of maintaining the trust and confidence of our customers, clients, business partners and employees. As a result, cybersecurity risk management is an integral part of our overall risk management and compliance program. Our cybersecurity risk management processes are modeled after industry best practices, such as the National Institute of Standards and Technology Cybersecurity Framework, for handling cybersecurity threats and incidents, including threats and incidents associated with the use of applications developed by third-party service providers, and facilitate coordination across different departments of our company. The Board has overall oversight responsibility for our cybersecurity risk management; however, it delegates cybersecurity risk management oversight to the audit committee of the Board (the Audit Committee ). The Audit Committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. These processes include steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat, including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies, and informing management and our Board of material cybersecurity threats and incidents. Our information technology team is responsible for assessing our cybersecurity risk management program, and we currently do not engage third parties for such assessment. 26 Our cybersecurity program is under the direction of our Chief Financial Officer ( CFO ) and our Chief Technology Officer ( CTO ), who receive reports from our information technology team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CTO has over 26 years of extensive information technology experience in various roles of increasing importance. His experience includes roles as Director of Technology, Information Technology Manager, Technical Manager, and Systems Analyst. Among his other duties as CTO, he manages our cybersecurity team, which comprises certified and experienced information security professionals, and he has been instrumental in the implementation and monitoring of our various cybersecurity systems and tools. Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs, including: Implementing a comprehensive, cross-functional approach to identifying, preventing and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner; Deploying technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence; Establishing and maintaining comprehensive incident response and recovery plans that fully address our response to a cybersecurity incident, and such plans are tested and evaluated on a regular basis; and Providing regular, mandatory training for personnel regarding cybersecurity threats as a means to equip our personnel with effective tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices. Management, including the CFO, regularly updates the Audit Committee on our cybersecurity processes, material cybersecurity risks and mitigation strategies. The Audit Committee reports all material cybersecurity risks to the Board. Although we are subject to ongoing and evolving cybersecurity threats, we are not aware of any material risks from cybersecurity threats in 2023 that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. For more information on our cybersecurity risks, see Risk Factors Our success depends on the security and integrity of the systems and products offered, and security breaches or other disruptions could compromise certain information and expose us to liability, which could cause our business and reputation to suffer .

Company Information