AUDIOEYE INC 10-K Cybersecurity GRC - 2024-03-07

Page last updated on April 11, 2024

AUDIOEYE INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 16:53:58 EST.

Filings

10-K filed on 2024-03-07

AUDIOEYE INC filed an 10-K at 2024-03-07 16:53:58 EST
Accession Number: 0001410578-24-000150

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through an internal IT Audit, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things: conduct proactive privacy and cybersecurity reviews of systems and applications, audit applicable data policies, perform penetration testing using external third-party tools and techniques to test security controls, conduct employee training, monitor emerging laws and regulations related to data protection and information security (including our products) and implement appropriate changes. We have implemented incident response processes in the event of a cybersecurity threat. Such incident responses are overseen by functional leaders and internal experts. In the event of a cybersecurity threat, security events and data incidents are evaluated, ranked by severity and prioritized for response and remediation. Incidents are evaluated to determine materiality as well as operational and business impact and reviewed for potential privacy impact. As part of the above processes, we have engaged external auditors and consultants to assess our internal cybersecurity programs and compliance with applicable practices and standards, and we are in the process of obtaining a SOC 2 Type II report. We describe whether and how risks from identified cybersecurity threats are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading Security and privacy breaches, computer viruses, and cyber-attacks could harm our business, financial condition, results of operations, or reputation. included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K. Cybersecurity Governance Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our Audit Committee is responsible for the oversight of risks from cyber and data security threats. Members of the Board or Audit Committee receive periodic updates from senior management regarding our cybersecurity processes and risks. Members of management that comprise our incident response team include the following officers (or those with similar responsibility): Senior Director of Information Technology, Vice President of Engineering, Chief Financial Officer, General Counsel, Customer Success (if customer data is affected), and Vice President of Human Resources (if employee data is affected). As part of our internal response policy, upon confirmation of a breach, a remediation process is initiated, led by our Principal Privacy Officer who chairs an incident response team. This team may include members from relevant departments such as Product Development, Information Technology, Finance, Legal, Marketing, 18 Table of Contents Client/Customer Services and Human Resources, any other relevant units or departments affected by the breach and any additional personnel as deemed necessary. The Principal Privacy Officer is responsible for overseeing the determination of whether a breach occurred, coordinating with third parties handling protected information, and ensuring compliance with legal obligations. Forensic investigators, provided through AudioEye s cyber insurance or as deemed necessary by the Principal Privacy Officer, will analyze the breach to understand its cause and extent. A communication plan will be developed by Marketing, Legal, and Human Resources to inform internal employees, the public, those directly affected, and regulatory authorities, as necessary to help ensure all notifications comply with relevant laws and regulations.

Company Information