P10, Inc. 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

P10, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 21:51:03 EDT.

Filings

10-K filed on 2024-03-12

P10, Inc. filed an 10-K at 2024-03-12 21:51:03 EDT
Accession Number: 0000950170-24-030461

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We maintain an information security program and governance framework that is designed to protect our information systems against operational risks related to cybersecurity. Cybersecurity Risk Management and Strategy We utilize third party cybersecurity consultancy firms to manage and execute our cybersecurity programs. These third party firms are led and supervised by our Chief Technology Officer ( CTO ). Our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management program and are based on frameworks established by the National Institute of Standards and Technology ( NIST ), the International Organization for Standardization and other applicable industry standards. On a quarterly basis, our third party cybersecurity consultancy firms perform phish testing and on demand information security training. On a yearly basis, our third party consultancy firms perform, among other trainings and assessments, information security awareness training, internal cybersecurity risk assessments, internal and external penetration tests, key vendor risk assessments, incident response tabletop exercises, written information security and business continuity plan policy gap analysis reviews and revisions as well as incident response plan reviews and revisions. The results of the assessments are used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and inform a broader enterprise-level risk assessment that is presented to our Board, Audit Committee and members of management. While we do not believe that our business strategy, results of operations, or financial condition have been materially adversely affected by any cybersecurity incidents, cybersecurity threats are pervasive, and, similar to other global financial services firms, we, as well as our clients, investors, associates, regulators, service providers, and other third parties, have experienced a significant increase in information security and cybersecurity risk in recent years and will likely continue to be the target of cyber attacks. We continue to assess the risks and changes in the cyber environment, invest in enhancements to our cybersecurity capabilities, and engage in industry and government forums to promote advancements in our cybersecurity capabilities, as well as the broader financial services cybersecurity ecosystem. For more information on risks to us from cybersecurity threats, see Operational risks, data security breaches, loss or leakage of data and other interruptions of our information technology systems or those of our third-party service providers may disrupt our business, compromise sensitive information related to our business, or prevent us from accessing critical information, which may result in losses or limit our growth. in Item 1A Risk Factors of this Form 10-K. Cybersecurity Governance Board Oversight Our Board of Directors and Audit Committee are primarily responsible for overseeing and governing our cybersecurity risk management program. Our Board receives updates on cybersecurity and material cybersecurity risks as needed and at least annually by our Chief Compliance Officer or their designee. Management’s Role Our CTO and Chief Compliance Officer have primary responsibility for assessing and managing material cybersecurity risks, including overseeing and identifying cybersecurity risks associated with our use of third party cybersecurity consultancy firms, and are members of management s IT Steering Committee, which consists of management team members and certain employees who drive alignment on technology and security decisions across the Company. The IT Steering Committee meets monthly to review security performance metrics, identify security risks, and assess the status of approved security enhancements. The IT Steering Committee also considers and makes recommendations to management, the Board of Directors and the Audit Committee on security policies and procedures, security service requirements, and cybersecurity risk mitigation strategies.

Company Information