AlTi Global, Inc. 10-K Cybersecurity GRC - 2024-03-22

Page last updated on April 11, 2024

AlTi Global, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-22 08:34:49 EDT.

Filings

10-K filed on 2024-03-22

AlTi Global, Inc. filed an 10-K at 2024-03-22 08:34:49 EDT
Accession Number: 0001628280-24-012642

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy The Company has implemented a cybersecurity risk management program that is designed to identify, respond to, protect against and manage cybersecurity threats and incidents. Our cybersecurity risk management processes include regular assessments of our cyber threat detection and response capabilities. We have established cybersecurity risk assessment processes, which include annual risk assessments using third-party consultants. Our Chief Information Security Officer ( CISO ) has oversight over our information security policies and works with our internal IT resources and third-party managed IT support providers to facilitate the implementation of our cybersecurity risk assessment and management processes. Our cybersecurity risk management processes are designed to protect systems and data and contain preventive and detective controls, including internal and external testing. We also provide cybersecurity awareness training to our employees during onboarding and periodically thereafter, including through simulated phishing attacks. We maintain processes designed to evaluate the security practices and controls of our critical third-party vendors that have access to our confidential information, which includes security questionnaires and third-party information security assessments, as applicable. We maintain policies regarding our information security practices, including an incident response plan to coordinate response and mitigation efforts in the event we experience a cybersecurity incident. These policies require notification of cybersecurity incidents to our information security team, and if warranted based on the perceived level of severity of the incident, to members of our executive leadership. We have not identified any cybersecurity incidents or threats that have materially affected us, including our business strategy, results of 73 operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time to time experienced threats and security incidents that could affect our information or systems. For more information, please consult ITEM 1A. RISK FACTORS . Cybersecurity Governance Related to Cybersecurity Risks Our Board considers cybersecurity risk as part of its overall risk oversight, and has delegated to the Audit, Finance and Risk Committee ( AFRC ) responsibility for oversight of major risk exposures, including in relation to security, cybersecurity and privacy. At the management level, we have also established an Executive Risk and Compliance Committee ( ERCC ), which oversees the development and implementation of our risk oversight and management processes, including in relation to cybersecurity. The ERCC is comprised of members of our executive leadership from across the organization. Our CISO reports to the ERCC on identified material cyber risks (if any) and on the implementation of cybersecurity priorities. The members of the ERCC, in turn, are responsible for updating the AFRC, and, where required, our Board on key milestones and progress regarding identified material cyber threats. Our CISO is responsible for advising on the strategic and operational processes related to our cyber risk management program. Our CISO has over two decades of cybersecurity experience, has served on a cybersecurity advisory board for a university, and is a Certified Information Systems Security Professional.

Company Information