Identiv, Inc. 10-K Cybersecurity GRC - 2024-03-14

Page last updated on April 11, 2024

Identiv, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-14 20:38:42 EDT.

Filings

10-K filed on 2024-03-14

Identiv, Inc. filed an 10-K at 2024-03-14 20:38:42 EDT
Accession Number: 0000950170-24-031816

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have established policies and processes for assessing, identifying and managing material cybersecurity risks, and have integrated these processes into our overall risk management processes. We have also established policies and processes for managing and responding to material cybersecurity incidents. We routinely assess material cybersecurity risks, including potential unauthorized occurrences on, or conducted through, our information systems that may compromise the confidentiality, integrity or availability of those systems or information maintained in them. We conduct periodic risk assessments to identify cybersecurity threats, as well as assessments when there is a material change in our business practices that we believe could affect information systems that are vulnerable to cybersecurity threats. These risk assessments include identifying reasonably foreseeable internal and external risks and the potential harm if the risks were to materialize using tools such as a SIEM (Network and Cloud Platform Log Collector), Network Vulnerability Scanner, and other utilities for monitoring all Company assets. We conduct these risk assessments directly and also engage security product platform support teams as needed. Following these risk assessments, we evaluate how to appropriately implement and maintain reasonable safeguards to mitigate identified risks reasonably address any identified gaps in existing safeguards and regularly monitor the effectiveness of our safeguards. We devote significant resources and designate members of our management team, including our executive staff, IT team, and Global Director of IT who reports to our Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”), to manage the risk assessment and mitigation process. As part of our overall risk management, we collaborate cross-functionally to monitor and test our safeguards and to train our employees on cybersecurity risks and safeguards. We offer cybersecurity training programs for employees at all levels and departments. We require appropriate third-party service providers to certify that they can implement and maintain appropriate security measures, consistent with all applicable laws, in connection with their work for us, and to promptly report any suspected breach of their security measures that may affect our Company. We oversee and identify risks from cybersecurity threats associated with our use of service providers through an onboarding vendor risk management program. While we have not, as of the date of this Annual Report on Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business strategy, results of operations, or financial condition, there can be no guarantee that we will not experience such threats or incidents in the future. Like any technology provider, we have experienced cybersecurity incidents in the past which were remediated on a case-by-case basis. See Risk Factors for more information on our cybersecurity risks. Cybersecurity Governance One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors has been responsible for monitoring and assessing our strategic risk exposure with respect to cybersecurity risks and, going forward, the audit committee of our board of directors will oversee management of such risks. Our executive officers, including our CEO and CFO, are responsible for day-to-day management of the material risks we face. Our Global Director of IT, in coordination with our executive officers, including our CEO and CFO, are responsible for assessing and managing material risks from cybersecurity threats, as well as managing and responding to material cybersecurity incidents if any occur. Our Global Director of IT has over 30 years of experience in various information technology roles, which experience includes management of cybersecurity matters, including over 20 years of experience as an IT Director. Our CEO has over 30 years of experience in information technology and cybersecurity risk management at the Company and at similar companies, and our CFO has over 10 years of experience in risk management at the Company and at similar companies, including risks arising from cybersecurity threats. Our Global Director of IT provides weekly briefings to the CEO and CFO about our cybersecurity risks and activities, including cybersecurity incidents and responses, cybersecurity systems testing, third-party activities and related topics. In the event threats and incidents are identified as potentially significant, the CEO and CFO will promptly report to our audit committee. As part of our continued investment in developing our overall risk management process, going forward, our Global Director of IT will provide periodic updates to the audit committee on the Company s cybersecurity policies and processes, material cybersecurity risks and mitigation strategies, and the audit committee will provide periodic reports to the board of directors on such matters. 19

Company Information