RCM TECHNOLOGIES, INC. 10-K Cybersecurity GRC - 2024-03-14

Page last updated on April 11, 2024

RCM TECHNOLOGIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-14 17:25:48 EDT.

Filings

10-K filed on 2024-03-14

RCM TECHNOLOGIES, INC. filed an 10-K at 2024-03-14 17:25:48 EDT
Accession Number: 0001437749-24-007884

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy The Company has developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of its critical systems and information. The Company s cybersecurity risk management program includes a cybersecurity incident response plan and is integrated with the Company s overall enterprise risk management program, sharing common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational and financial risk areas. While the Company may not meet any particular standard, specification or requirement of the Center for Internet Security Critical Security Controls, the Company utilizes such controls as a guide to help identify, assess and manage cybersecurity risks relevant to the business. The Company has implemented cybersecurity policies and frameworks based on industry and governmental standards to align closely with requirements, instructions, and guidance from ISO27001, NIST, CMMC, GDPR, HIPAA, SOC and SOX Compliance. Our cybersecurity risk management program includes, among other things: risk assessments designed to help identify material cybersecurity risks to critical systems and information services a team comprising information technology (IT) security, IT infrastructure, and IT compliance personnel principally responsible for directing (i) cybersecurity risk assessment processes, (ii) security processes and (iii) planned responses to cybersecurity incidents the use of external cybersecurity service providers, where appropriate, to assess, test or otherwise assist with aspects of security processes cybersecurity awareness training of employees with access to IT systems a cybersecurity incident response plan and Security Operations Center to respond to cybersecurity incidents and a third-party risk management process for service providers. During the year ended December 30, 2023, the Company has not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected operations, business strategy, results of operations or financial condition. However, the Company expects to continue to face certain risks from ongoing cybersecurity threats that, if realized, are reasonably likely to materially affect the Company, including our operations, business strategy, results of operations or financial condition. See Risk Factors Cyber Security, Data Privacy and Data Center Capacity and Telecommunication Links. 21 ITEM 1C. CYBERSECURITY (CONTINUED) Cybersecurity Governance The Company s Board considers cybersecurity risk as part of its risk oversight function and considers cybersecurity and IT risks as key strategic risks of the Company. The Board oversees management s implementation of the Company s cybersecurity risk management program, receiving at least annual updates from management (including our Chief Information Officer) on cybersecurity risks, including briefings on the Company s cyber risk management program and cybersecurity incidents, and reviewing cybersecurity topics impacting companies with management and external experts. The Company s Chief Information Officer leads the IT and cybersecurity functions and has primary responsibility for leading the Company s overall cybersecurity risk management program, supervising both internal cybersecurity personnel and external cybersecurity service providers. The Company s cybersecurity function is responsible for assessing and managing material risks from cybersecurity threats, as well as informing management about and monitoring the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which include briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers and alerts and reports produced by security tools deployed in the IT environment. The Company s Chief Information Officer and Vice President of IT security and Compliance have significant experience in managing and leading information systems and deploying cybersecurity technologies and have extensive cybersecurity training and knowledge. The Company s Vice President of IT security and Compliance has several industry certifications, including CISSP (Certified Information Security System Professional), CCSP (Certified Cloud Security Professional) and CCSK (Certificate of Cloud Security Knowledge). The Company s Chief Information Officer reports to the Chief Executive Officer, and the Company s Vice President of IT Security and Compliance reports to the Company s Chief Information Officer.
ITEM 1C. CYBERSECURITY (CONTINUED) Cybersecurity Governance The Company s Board considers cybersecurity risk as part of its risk oversight function and considers cybersecurity and IT risks as key strategic risks of the Company. The Board oversees management s implementation of the Company s cybersecurity risk management program, receiving at least annual updates from management (including our Chief Information Officer) on cybersecurity risks, including briefings on the Company s cyber risk management program and cybersecurity incidents, and reviewing cybersecurity topics impacting companies with management and external experts. The Company s Chief Information Officer leads the IT and cybersecurity functions and has primary responsibility for leading the Company s overall cybersecurity risk management program, supervising both internal cybersecurity personnel and external cybersecurity service providers. The Company s cybersecurity function is responsible for assessing and managing material risks from cybersecurity threats, as well as informing management about and monitoring the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which include briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers and alerts and reports produced by security tools deployed in the IT environment. The Company s Chief Information Officer and Vice President of IT security and Compliance have significant experience in managing and leading information systems and deploying cybersecurity technologies and have extensive cybersecurity training and knowledge. The Company s Vice President of IT security and Compliance has several industry certifications, including CISSP (Certified Information Security System Professional), CCSP (Certified Cloud Security Professional) and CCSK (Certificate of Cloud Security Knowledge). The Company s Chief Information Officer reports to the Chief Executive Officer, and the Company s Vice President of IT Security and Compliance reports to the Company s Chief Information Officer.

Company Information