INTELLINETICS, INC. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on July 16, 2024

INTELLINETICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:01:13 EDT.


10-K filed on 2024-03-28

INTELLINETICS, INC. filed a 10-K at 2024-03-28 16:01:13 EDT
Accession Number: 0001493152-24-011731

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have implemented various processes designed to identify, assess and manage material risks from cybersecurity threats to our information networks, third-party hosted services, communications systems, hardware and software (collectively, our “Systems”), and our data and our clients’ data (together, “Data”). Our cybersecurity risk management efforts leverage the National Institute of Standards and Technology (NIST) cybersecurity framework, that also directly conforms to the SP800-53 r5 Information Security controls framework. Our cybersecurity personnel identify and assess risks using various methods and security tools designed to help prevent, identify, protect, detect, escalate, respond, and recover from identified vulnerabilities and security incidents in a timely manner. We maintain various technical, physical, and organizational measures, in the form of policies, standards, processes, and technical capabilities, designed to manage and mitigate material risks from cybersecurity threats to our Systems and Data, including, among other things, internal reporting, annual and ongoing cybersecurity awareness training for employees, mechanisms to detect and monitor unusual network activity, as well as threat detection, containment, incident response and backup recovery tools. We conduct tests of our cybersecurity program on a regular basis that are designed to identify our cybersecurity risks. We use third-party security service providers and cybersecurity consultants to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats and review our cybersecurity program. The results of such reviews are reported to certain members of our senior management, who evaluate material risks from cybersecurity threats against our overall business objectives and report to the Board of Directors (Board), which evaluates our overall enterprise risk. Within our senior management our Chief Financial Officer and Chief Technology Officer (CTO) review our cybersecurity program at least quarterly. Our CTO is one of our founders and has been in technology since 1996. One of our board members is CEO of a technology company and another has been employed with a cyber security company. We use third-party service providers to perform a variety of functions throughout our business, such as Amazon Web Services, Expedient (Columbus, OH), and Corespace (Dallas, TX). Depending on the nature of the services provided, certain providers are subject to cybersecurity risk assessments at the time of onboarding. We also use various inputs to assess the risk of our third-party service providers, including information supplied by them. While we have not, as of the date of this Annual Report on Form 10-K, experienced a cybersecurity incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, please see “Risk Factors” included in Part I, Item 1A of this Annual Report on Form 10-K, including “Risks Related to Product Development” and “Financial Risks.”

Company Information

SIC DescriptionServices-Prepackaged Software
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30