CREATIVE REALITIES, INC. 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

CREATIVE REALITIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 08:18:00 EDT.

Filings

10-K filed on 2024-03-21

CREATIVE REALITIES, INC. filed an 10-K at 2024-03-21 08:18:00 EDT
Accession Number: 0001437749-24-008777

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C CYBERSECURITY Cybersecurity Risk Management and Strategy We have developed and implemented cybersecurity risk management processes intended to protect the confidentiality, integrity, and availability of our critical systems and information. While everyone at our company plays a part in managing cybersecurity risks, primary cybersecurity oversight responsibility is shared by our Board of Directors and senior management. Our cybersecurity risk management program is integrated into our overall enterprise risk management program. Our cybersecurity risk management program includes: physical, technological, and administrative controls intended to support our cybersecurity and data governance framework, including protections designed to protect the confidentiality, integrity, and availability of our key information systems and customer, employee, partner, and other third-party information stored on those systems, such as access controls, encryption, data handling requirements, and other cybersecurity safeguards, and internal policies that govern our cybersecurity risk management and data protection practices a defined procedure for timely incident detection, containment, response, and remediation, including a written security incident response plan that includes procedures for responding to cybersecurity incidents cybersecurity risk assessment processes designed to help identify material cybersecurity risks to our critical systems, information, products, services, and broader enterprise IT environment cybersecurity awareness training of our employees, incident response personnel, and senior management a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents the use of external consultants or other third-party experts and service providers, where considered appropriate, to assess, test, or otherwise assist with aspects of our cybersecurity controls and. annual cybersecurity and privacy training of employees, including incident response personnel and senior management, and specialized training for certain teams depending on their role and/or access to certain types of information, such as consumer information. 18 Table of Contents Over the past fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents we have experienced from time to time, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, operating results, or financial condition. We will continue to monitor and assess our cybersecurity risk management program as well as invest in and seek to improve such systems and processes as appropriate. If we were to experience a material cybersecurity incident in the future, such incident may have a material adverse effect on our operations, business strategy, operating results, and financial condition. For more information regarding cybersecurity risks that we face and potential related impacts on our business, see the section titled Risk Factors in Part I, Item 1A of this Report. Board Governance Our full Board of Directors oversees our risk management, including our information technology and cybersecurity policies, procedures, and risk assessments. Our management reports to our Board of Directors on information security matters as necessary, regarding any significant cybersecurity incidents, as well as any incidents with lesser impact potential. One of the key functions of our Board of Directors is informed oversight of our various processes for managing risk. An overall review of risk is inherent in our Board of Directors ongoing consideration of our long-term strategies, transactions and other matters presented to and discussed by the Board of Directors. This includes a discussion of the likelihood and potential magnitude of various risks, including cybersecurity risks, and any actions management has taken to limit, monitor or control those risks. The Board of Directors receives briefings from management periodically on our cyber risk management program and presentations on cybersecurity topics as part of the Board of Directors continuing education on topics that impact public companies.

Company Information