Paysign, Inc. 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

Paysign, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 07:46:50 EDT.

Filings

10-K filed on 2024-03-27

Paysign, Inc. filed a 10-K at 2024-03-27 07:46:50 EDT
Accession Number: 0001683168-24-001729


Item 1C. Cybersecurity.

Cyber criminals are becoming more sophisticated and effective every day, and they are increasingly targeting software companies. All companies utilizing technology are subject to threats of breaches of their cybersecurity programs. To mitigate the threat to our business, we take a comprehensive approach to cybersecurity risk management and make securing the data customers and other stakeholders entrust to us a top priority.

Our Board and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component. As described in more detail below, we have established policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats. We have devoted financial and personnel resources to implement and maintain security measures to meet regulatory requirements and customer expectations, and we intend to continue to make significant investments to maintain the security of our data and cybersecurity infrastructure. There can be no guarantee that our policies and procedures will be properly followed in every instance or that those policies and procedures will be effective.

Although our Risk Factors include further detail about the material cybersecurity risks we face, we believe that risks from prior cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected our business to date. We can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business strategy, results of operations, or financial condition.

Risk Management and Strategy

We understand the critical importance of cybersecurity in protecting our operations, customer data, and the integrity of our services. Our commitment to cybersecurity is unwavering, and we adopt a serious, multi-layered approach to minimize the risks and potential impacts of cyber-attacks which has been integrated into our overall risk management process. Our strategies are designed to ensure the resilience and security of our systems, safeguarding against both internal and external vulnerabilities.

We employ state-of-the-art technologies and practices to secure our systems. This includes deploying advanced encryption, securing network infrastructure, and implementing robust access controls and authentication mechanisms. While we can provide no assurance against unauthorized access and breaches, our information technology infrastructure is designed with security at its core, with all data, whether at rest or in transit, being protected against unauthorized access and breaches.

Partnerships and Collaboration

We believe in the strength of collaboration in combating cyber threats. We actively engage with cybersecurity communities, industry groups, and regulatory bodies to stay ahead of evolving cyber risks. By sharing knowledge and best practices, we enhance our defenses and contribute to the broader effort of securing the digital ecosystem.

We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and the Board in a timely manner.

Risk Assessment

We continuously monitor our information technology environment to detect and respond to threats in real-time. Our dedicated cybersecurity team uses sophisticated tools to track anomalies, potential vulnerabilities, and ongoing attacks. This includes leveraging a best-in-class third-party 24/7/365 Security Operations Center. This proactive surveillance allows us to address threats swiftly, mitigating any possible impact on our operations and clients.

Semi-annually, we leverage third-party independent consultants to perform penetration and segmentation testing of our internal and externally facing environments. The results of the assessment are used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and inform a broader risk assessment that is presented to our Board, Audit Committee, and members of management.

Technical Safeguards

Cybersecurity is an ever-evolving field, and we are committed to continuous improvement of our security practices. We regularly review and update our cybersecurity policies, procedures, and technologies to address new challenges and adapt to the changing threat landscape.

Incident Response and Recovery Planning

Cybersecurity is a foundational element of our operations. Our multi-layered approach encompassing system security, vigilant monitoring, comprehensive training, and collaborative engagement demonstrates our dedication to protecting our company, our clients, and the financial ecosystem. We remain steadfast in our commitment to maintaining the highest standards of cybersecurity resilience and response.

We have established comprehensive incident response and recovery plans and continue to regularly test and evaluate the effectiveness of those plans. Our incident response and recovery plans address and guide our employees, management and the Board on our response to a cybersecurity incident.

Education and Awareness

Recognizing that human error can often be a weak link in cybersecurity defenses, we are committed to regular and comprehensive training for all employees and executives. This includes annual cybersecurity awareness sessions for our Board, ensuring that our highest levels of leadership are informed and vigilant about the latest cybersecurity trends and threats. Our training programs are designed to foster a culture of security awareness, equipping our team with the knowledge and tools needed to recognize and prevent cyber threats.

Cybersecurity Threats

We are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect, our business strategy, results of operations, or financial condition.

Governance

Board Oversight

Our Board, in coordination with the Audit Committee, oversees our management of cybersecurity risk. They receive regular reports from management about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities.

Our Audit Committee directly oversees our cybersecurity program. The Audit Committee receives regular updates from management on cybersecurity risk resulting from risk assessments, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.

Management's Role

Our Chief Technology Officer, Information Security Officer, and General Counsel have primary responsibility for assessing and managing material cybersecurity risks and are members of our management's Information Technology Steering Committee (the "Security Committee"), which is a governing body that drives alignment on security decisions across the Company. Such individuals have experience in various roles for public companies involving managing information security, managing risk, implementing effective information and cybersecurity programs, and adhering to relevant compliance requirements.

The Security Committee meets at least quarterly to review security performance metrics, identify security risks, and assess the status of approved security enhancements. The Security Committee also considers and makes recommendations on security policies and procedures, security service requirements, and risk mitigation strategies.


Company Information

Name: Paysign, Inc.
CIK: 0001496443
SIC Description: Services-Business Services, NEC
Ticker: PAYS - Nasdaq
Website
Category
Emerging growth company
Fiscal Year End: December 30