GEN Restaurant Group, Inc. 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

GEN Restaurant Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 17:15:36 EST.

Filings

10-K filed on 2024-03-06

GEN Restaurant Group, Inc. filed an 10-K at 2024-03-06 17:15:36 EST
Accession Number: 0000950170-24-027323

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybers ecurity. The Company is committed to protecting the confidentiality, integrity, and availability of its information systems and the data they contain from cybersecurity threats. The Company recognizes that cybersecurity is a dynamic and evolving area of risk that requires ongoing assessment, management, and oversight. The Company works third party companies to assess, identify, manage, and mitigate material cybersecurity threats, as well as to respond to and recover from cybersecurity incidents. The Company recognizes the importance of maintaining our technology and data systems. Our cybersecurity policies, standards, processes, and practices are integrated across our operational departments. Cybersecurity Risk Management and Strategy As one of the elements of our overall risk management program, we focus on the following key areas: Technical Safeguards: We deploy technical safeguards, including by not limited to firewalls, anti-malware functionality and access controls. Outside Consultants: We utilize outside consultants, including contractors and other third parties, to among other things , conduct regular testing of our networks and systems to identify vulnerabilities through penetration testing, while also measuring and advising on potential improvements to our incident prevention, response, and documentation procedures. We have not encountered cybersecurity threats or experienced previously cybersecurity incidents that have materially affected or that we believe are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. Governance Board of Directors Oversight Our Board is aware of the critical nature of managing risks associated with cybersecurity threats. Management works with our Board to establish oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence. The Board has delegated to our Audit Committee the primary responsibility for oversight of cybersecurity risks. Management s Role Managing Risk Our Co-CEOs, CFO, and IT Manager play a primary role in informing the Audit Committee on cybersecurity risks. Our IT Manager has 7 years of experience with the Company, which includes managing cybersecurity. These individuals monitor activity and potential risks related to the day-to-day operations of the business, including reviewing results of the work of our outside consultants. They will provide briefings to the Audit Committee on a periodic basis regarding cybersecurity matters, including but not limited to the following: Current cybersecurity landscape and emerging threats; Status of ongoing cybersecurity initiatives and strategies; Incident reporting, if any, and learning from any cybersecurity events; Risk mitigation efforts and insurance, and Compliance with regulatory requirements and industry standard. 40

Company Information