First Watch Restaurant Group, Inc. 10-K Cybersecurity GRC - 2024-03-05

Page last updated on April 11, 2024

First Watch Restaurant Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 07:05:04 EST.

Filings

10-K filed on 2024-03-05

First Watch Restaurant Group, Inc. filed an 10-K at 2024-03-05 07:05:04 EST
Accession Number: 0001789940-24-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We deploy a cybersecurity program modelled on Center for Internet Security (CIS) Critical Security Controls, commonly referred to as CIS Controls. We believe our program s control focus provides immediate protection and scalability for our business. Our program defines our governance and management oversight, and includes (i) continual training to raise user vigilance and resistance to phishing attempts and cyber-attacks, (ii) evaluation of compliance with privacy and data security regulations and (iii) reporting obligations in the event of an incident. As part of our program, we partner with a security operations center for continuous monitoring and alerting across all of our information technology systems. Annually, we engage external consultants to evaluate the effectiveness of our cybersecurity program and recommend improvements. We have also developed vendor scoring criteria to assess cybersecurity, incidence readiness and cyber insurance of our critical vendors and service providers. Security incidents or breaches have from time to time occurred and may in the future occur involving our systems, the systems of the parties with whom we communicate or collaborate (including franchisees) or the systems of third-party providers. Incidents or breaches have from time to time occurred and may in the future occur involving our systems, the systems of the parties with whom we communicate or collaborate (including franchisees) or the systems of third-party providers. As of the date of this Annual Report on Form 10-K, we have not experienced cybersecurity threats or incidents that have materially affected us. However, any actual or perceived breach in the security of our information technology systems or those of our franchisees or our critical vendors and service providers could lead to damage to or failure of our computer systems or network infrastructure which could cause an interruption in our operations and could have a material adverse effect on our business. Furthermore, a significant theft, loss, disclosure, modification or misappropriation of, or access to, guests , employees , third parties or other proprietary data or other breach of our information technology systems could subject us or our franchisees to litigation or to actions by regulatory authorities. See also Item 1A. Risk Factors - Risks Related to Information Technology and Intellectual Property Information technology system failures or breaches of our network security could interrupt our operations and have a material adverse effect on our business, financial condition and results of operations . Governance The Audit Committee of our Board is tasked with oversight of certain risk issues, including cybersecurity. The Audit Committee receives reports on cybersecurity at least annually from the Company s SVP, Informational Technology, who has over 25 years of experience in the management of information technology systems and cybersecurity. The Audit Committee briefs the full Board of Directors on these matters as a part of its reports of its meetings. 34 Table of Contents

Company Information