Blink Charging Co. 10-K Cybersecurity GRC - 2024-03-18

Page last updated on April 11, 2024

Blink Charging Co. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-18 08:50:53 EDT.

Filings

10-K filed on 2024-03-18

Blink Charging Co. filed an 10-K at 2024-03-18 08:50:53 EDT
Accession Number: 0001493152-24-010214

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Our management recognizes the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, and manages those risks with a t risk-management cybersecurity program. Among other things, these risks include operational risks, financial system risks, physical security risks, intellectual property theft, fraud, extortion, violation of data privacy and security laws, and harm to employees, drivers, site hosts, and property owners. Our capabilities and data, as well as those of our customers, suppliers, partners, and service providers, are critical to our operations and may contain confidential personal information, sensitive business-related information, or intellectual property. These capabilities are also susceptible to interruptions (including those caused by systems failures, cyber-attacks, and other natural or man-made incidents or disasters), which may be prolonged or go undetected. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, Risk Factors, in this Annual Report on Form 10-K. Risk Management and Strategy We aim to incorporate industry best practices throughout our cybersecurity program and have live data recovery and breach policies in place. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards and is evaluated annually, including by our third-party auditors, as a part of our Sarbanes-Oxley information technology control testing procedures. 25 We have processes to assess, identify, manage, and address material cybersecurity threats and incidents. These include annual and ongoing security awareness training for employees, vulnerability scanning, code reviews, annual pen testing of the network and charging stations, and third-party risk assessments, among others. We actively engage with industry groups for benchmarking and best practices awareness. While we are unaware of having been subjected to or impacted by a significant cybersecurity threat to date, we monitor internally discovered or externally reported issues that may affect our products and services and have processes to assess those issues for potential cybersecurity impact or risk. We also have a process to manage cybersecurity risks associated with third-party service providers. We impose industry-standard security requirements upon our suppliers, including that they maintain an effective security management program abide by information handling and asset management requirements and notify us of any known or suspected cyber incident, among others. We obtain and review our third-party service providers SOC 1 Type II reports for appropriate information technology controls, including security, to ensure that they adhere to these standards. Cybersecurity Governance Cybersecurity is an integral part of our risk management processes and a significant area of focus for the Board of Directors and management team. The Audit Committee is responsible for the cybersecurity component of our IT operations, and the Audit Committee reviews the status of ongoing efforts and incidents at every Board of Directors meeting. In addition to our Board-level Audit Committee, management implemented a Cybersecurity Committee comprised of representatives of upper management, Legal, Marketing, Technology, and Operations to maintain and improve our cybersecurity strategy based on most current industry developments and recent incidents as needed. The Cybersecurity Committee formal meeting occurs biannually, with less formal status update meetings happening more often and as necessary. The members of the Cybersecurity Committee have prior work experience in various roles involving information technology, including security, auditing, compliance, systems and programming. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the Cybersecurity Committee, and report to the Audit Committee on any appropriate items.

Company Information