RYVYL Inc. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

RYVYL Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 16:06:34 EDT.

Filings

10-K filed on 2024-03-26

RYVYL Inc. filed an 10-K at 2024-03-26 16:06:34 EDT
Accession Number: 0001185185-24-000318

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into our overall risk management systems, as overseen by our Board, primarily through its audit committee. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. We conduct risk assessments of certain third-party providers before engagement and have established monitoring procedures in an effort to assess and mitigate potential data security exposures originating from third parties. We from time to time engages third-party consultants, legal advisors, and audit firms in evaluating and testing our risk management systems and assessing and remediating certain potential cybersecurity incidents as appropriate. Governance Board of Directors The audit committee of our Board oversees, among other things, the adequacy and effectiveness of our internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is informed of material risks from cybersecurity threats pursuant to the escalation criteria as set forth in our disclosure controls and procedures. Further, at least once per quarter, our management team reports on cybersecurity matters, including material risks and threats, to the audit committee, and the audit committee provides updates to the Board at regular Board meetings. Our management team also provides updates annually or more frequently as appropriate to the Board. Management Under the oversight of the audit committee of the Board, and as directed by our Chief Executive Officer ( CEO ) and Chief Operating Officer ( COO ), the Head of IT is primarily responsible for the assessment and management of material cybersecurity risks and the Company s annual security audits to meet the payment industry expectations. Our management team holds a regular cybersecurity and business continuity reviews to evaluate data security exposures, control effectiveness and necessary remediation actions. The Head of IT is also supported by a third-party IT consulting services provider who helps oversee our IT systems and provides cross-functional support for cybersecurity risk management and facilitates the response to any cybersecurity incidents. Our Head of IT oversees our cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. Our Head of IT also coordinates with our legal counsel and third parties, such as consultants and legal advisors, to assess and manage material risks from cybersecurity threats. Our management team is informed about the effectiveness of the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in our incident response plan and related processes. Our audit committee is responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. Our Head of IT, or a delegate, informs the COO of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in our incident response plan and related processes. The COO is also primarily responsible for advising our CEO and Chief Financial Officer regarding cybersecurity disclosures in public filings. The COO also notifies the audit committee chair of any material cybersecurity incidents. As of the date of this Report, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition and that are required to be reported in this Report. For further discussion of the risks associated with cybersecurity incidents, see the cybersecurity risk factor included in the section entitled Item 1A. Risk Factors in this Report.

Company Information