Mondee Holdings, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Mondee Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 17:18:11 EDT.

Filings

10-K filed on 2024-03-29

Mondee Holdings, Inc. filed an 10-K at 2024-03-29 17:18:11 EDT
Accession Number: 0001828852-24-000034

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy The Company s risk management program includes governance through the Board of Directors and regular reporting by management to the Board. Our Chief Technology Officer is tasked with integrating any cybersecurity risk considerations into overall risk management strategy. Risk management includes regular risk assessments to identify internal and external risks and to evaluate the magnitude of harm that could arise out of such risks. Further, risk management may utilize third party service providers where complementary and supplementary to the Company s overall business strategy. Lastly, risk management includes training and education over the continuously evolving landscape of cybersecurity threats. We engage external parties, including consultants, independent privacy assessors, computer security firms and risk management and governance experts, to enhance our cybersecurity oversight. For example, we have engaged an outside consulting firm with expertise in the field to help us assess our systems, monitor risk and implement best practices and to support the internal audit of our cyber security programs and we regularly consult with industry groups on emerging industry trends. In addition, as part of our overall risk mitigation strategy, we also maintain cyber insurance coverage. Our cybersecurity policies, standards and procedures include cyber and data breach response plans, which are periodically assessed against the National Institute of Standards and Technology Cybersecurity Framework. Material Effects of Cybersecurity Threats Although cybersecurity risks have the potential to affect the business, financial condition, and results of operations, the Company does not believe that risks from attacks, including results from any previous cybersecurity incidents or threats, have materially affected or reasonably likely to materially affect the Company s strategy, operations or financial condition. However, no matter how well controls or designed or how well cybersecurity risk management procedures are implement, there can be no full assurance given that risk remains of an incident that could cause material harm to the business. See Any significant IT systems-related failures, interruptions or security breaches or any undetected errors or design faults in IT systems could result in limited capacity, reduced demand, processing delays, privacy risks and loss of customers, suppliers or marketplace merchants and a reduction of commercial activity in Item 1A, Risk Factors in this Annual Report on Form 10-K. Governance and Management The Audit Committee assesses cybersecurity risk management as part of its oversight functions. Cybersecurity risk management processes are devised, implemented and assessed quarterly by our Chief Technology Officer. Our Chief Technology Officer has more than 20 years of experience in cybersecurity and information technology, and based on his career, has a deep understanding of our information technology and business needs. Our Chief Technology Officer reports to the Audit Committee quarterly in regard to emerging risks and the overall cybersecurity environment and immediately if and when a cybersecurity incident occurs. Our Chief Technology Officer closely monitors cybersecurity risk, including our practices and procedures against the cybersecurity environment, including the operation of our incident response plan. Our cybersecurity program is designed to ensure the confidentiality, integrity, and availability of data and systems as well as to ensure timely identification of and response to any incidents. This design is geared toward supporting our business objectives and the needs of our valued customers, employees, and other stakeholders. We firmly believe that cybersecurity is a collective responsibility that extends to every employee, and we prioritize it as an ongoing objective. To increase our employees awareness of cyber threats, we provide education and share best practices through a security awareness training program. This includes receiving quarterly exercises, cyber-event simulations, training programs and an annual attestation to our Technology Acceptable Use Policy.

Company Information