ARC DOCUMENT SOLUTIONS, INC. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

ARC DOCUMENT SOLUTIONS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:46:56 EST.

Filings

10-K filed on 2024-02-29

ARC DOCUMENT SOLUTIONS, INC. filed an 10-K at 2024-02-29 16:46:56 EST
Accession Number: 0001305168-24-000025

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurit y We believe that cybersecurity is important to how we operate as a company and as such we focus on defining and managing our cybersecurity risk. With the ever-changing cybersecurity landscape and continual emergence of new threats, our Board of Directors, Audit Committee, and senior management team ensure that significant resources are devoted to cybersecurity risk management and the technologies, processes and people that support it. We have steadily increased companywide awareness to strengthen our cybersecurity risk management practice and processes. We employ a risk-based cybersecurity program that leverages the National Institute of Standards and Technology (NIST) framework and is designed to protect, detect, identify, and respond to cybersecurity risks and incidents. We regularly assess critical areas of our cybersecurity program to identify cybersecurity strengths and weaknesses and provide valuable insights for mitigating cyber risks. Our cybersecurity team monitors networks and systems for potential signs of suspicious activity by utilizing, among other things, firewalls, intrusion detection systems, multi-factor authentication, and encryption. Additionally, our cybersecurity program includes a security Incident Management policy to ensure that consistent, methodical, and timely incident response process is completed by the designated response team. The designated cybersecurity incident response team is responsible for managing and coordinating our cybersecurity incident response efforts. The incident management workflow with assigned duties and responsibilities streamlines the incident response and helps improve and mitigate the overall incident impact. We engage cybersecurity consultants, and other third parties to enhance our cybersecurity practices. We conduct penetration testing, vulnerability, and other assessments with the assistance of these third parties. These tests and assessments 18 enhance our cybersecurity program. We also use third-party service providers to support our operations and technology initiatives. We evaluate third-party service providers from a cybersecurity risk landscape. Our Board of Directors oversees management s processes for identifying and mitigating risks, including risks pertaining to cybersecurity. On a periodic basis, senior executives, including our Chief Technology Officer (CTO) present to the Board of Directors details of our cybersecurity initiatives and program and any incidents deemed to have a business impact, even if the impact is not material for us. The Board of Directors along with all committee members participate in discussions regarding cybersecurity risks. Our Information Technology and Security organization is managed by our Chief Technology Officer who has overall responsibility for monitoring and managing cybersecurity threats and incidents and for implementing cybersecurity policies, programs, procedures, and strategies. The Chief Technology Officer has vast experience in providing cyber security oversight. Despite the continuous risk faced by the Company, we have suffered no incidents that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. Notwithstanding the exhaustive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on our business, results of operations and financial condition. While we maintain cybersecurity insurance and have never had a cybersecurity claim, the costs related to cybersecurity threats or disruptions may not be fully insured. See Item 1A. Risk Factors for a discussion of cybersecurity risks.

Company Information