INNOVATIVE FOOD HOLDINGS INC 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

INNOVATIVE FOOD HOLDINGS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 12:59:03 EDT.

Filings

10-K filed on 2024-03-21

INNOVATIVE FOOD HOLDINGS INC filed an 10-K at 2024-03-21 12:59:03 EDT
Accession Number: 0001185185-24-000295

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Risk Our cybersecurity risks include theft of business data, fraud or extortion, lack of access to our information systems, harm to employees, harm to business partners, violation of privacy laws, potential reputational damage, and litigation or other legal risk if a cybersecurity incident were to occur. It is difficult to assign a monetary materiality assessment to these risks or to the impact if we were to sustain a breach of our systems. Our approach is based on the premise that any cybersecurity incident could result in material harm to the Company. We utilize Information Technology Associates ( ITA ), an outsourced IT provider which has been designated with oversight responsibility for our cybersecurity risks. ITA possesses a deep understanding of our information technology systems, including methods to manage and monitor cybersecurity risks. It also provides active monitoring and risk assessments of cybersecurity threats and communicates such threats to our Company. Low risk threats are communicated to our systems analysts, and high risk threats are first communicated to Bill Bennett (our CEO and director), Brady Smallwood (our COO and director), and Gary Schubert, our CFO, and are then discussed with our board of directors. We conduct annual assessments of risks posed by cybersecurity threats in conjunction with our insurance renewal cycles. This includes a thorough review of our systems and vulnerabilities. As a result of these assessments, we have implemented tools and practices to proactively monitor our systems and user accounts including, but not limited to, deploying solutions to constantly monitor users accessing systems, implementation of two factor authentication for logins, and improved rules for password maintenance. Additionally, we require our associates to complete cybersecurity awareness training provided by NINJIO. Like many companies, we make use of cloud-based solutions provided by several large service providers for critical information technology infrastructure such as email and file storage. We do not maintain stand-alone servers for our emails. However, we do maintain a standalone server for our main enterprise resource planning (ERP) program (Great Plains), and we maintain two servers dedicated to processing orders for Artisan Specialty Foods and Food Innovations, Inc. We also maintain a file server that currently houses approximately one terabyte of data. Each of our servers is protected by firewall and two-factor-authentication. Additionally, we take multiple snapshots of our servers several times throughout the day and store encrypted backups of our data both locally and in a cloud server to mitigate loss in the event of any malicious attacks on these resources. In the normal course of our relationships with the providers of our services not controlled in-house, we regularly monitor their message boards and other formal and informal communications channels for signs of breaches of their systems. We also survey available public information for indications that they have suffered a breach of their systems.

Company Information