PARKE BANCORP, INC. 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

PARKE BANCORP, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 16:38:51 EDT.

Filings

10-K filed on 2024-03-13

PARKE BANCORP, INC. filed an 10-K at 2024-03-13 16:38:51 EDT
Accession Number: 0001315399-24-000024

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Risk Management Committee of the Board of Directors (the Committee ) is responsible for overseeing the risks from cybersecurity threats. The Committee receives reports from, and oversees, IT Risk Assessment, Cybersecurity Risk Assessment, Annual IT Program Status Report, Vendor Management Risk Assessment, and Quarterly Internal Vulnerability Reports and current Cyber Events briefings. The Committee also makes budgeting, procedure, and policy decisions designed and intended to improve the Company s residual risk. The IT Steering Committee consists of the Company s senior management, the entire IT team, and various operations personnel. The primary function of the IT Steering Committee is to perform Strategic Planning, discuss hardware and software replacement, new projects, current cybersecurity threats, and ongoing cybersecurity issues and threats. The IT manager provides an IT status report to the Risk Management committee on a quarterly basis. The Company has adopted an Incident Response Plan (the Plan ) to monitor, detect, mitigate and remediate cybersecurity incidents. The Plan requires all employees to have a working knowledge of the Company s Information Security Program and Incident Response Policies. Pursuant to the Plan, the Information Technology Administrator and Senior\Compliance Management identify information owners for sensitive customer information and create an incident 15 response team. Each Department Manager, upon notification of a potential unauthorized access, manipulation of data or theft of any item identified under GLBA Inventory and Asset Classification, is responsible for further assessing the situation in order to document the suspected or actual breech, and forward the appropriate documentation to the Information Technology Administrator. The documentation of the suspected or actual incident includes the following: a. Identify the nature and scope of the incident. b. Identify the information systems affected. c. Identify the types of customer information potentially affected. Once the Department Manager has determined that unauthorized access, manipulation of data or theft of any item identified under GLBA Inventory and Asset Classification has occurred, Senior Management, the Compliance Officer and the Information Technology Administrator must be contacted immediately. If theft of any item identified under GLBA Inventory and Asset Classification has occurred, and it cannot be determined what specific information was included on the Asset, the Asset is treated as if it contained sensitive customer information and Senior Management, the Compliance Officer and the Information Technology Administrator must be contacted immediately. If the Information Technology Administrator and Senior\Compliance Management declare an incident or if there is a confirmed theft or loss of customer information, appropriate regulatory authorities, law enforcement, and legal counsel are notified. During the fiscal year ended December 31, 2023, the risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected the Company, its business strategy, results of operations, or financial condition. 16

Company Information