Chosen, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Chosen, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 17:26:13 EDT.

Filings

10-K filed on 2024-04-01

Chosen, Inc. filed an 10-K at 2024-04-01 17:26:13 EDT
Accession Number: 0001410578-24-000418

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We understand the importance of preventing, assessing, identifying, and managing material risks associated with cybersecurity threats. Cybersecurity processes to assess, identify and manage risks from cybersecurity threats have been incorporated as a part of our overall risk assessment process and have been embedded in our operating procedures, internal controls, and information systems. On a regular basis, we implement into our operations these cybersecurity processes, technologies, and controls to assess, identify and manage material risks. We also maintain a third-party security program to identify, prioritize, assess, mitigate and remediate third party risks. However, we rely on the third parties we use to implement security programs commensurate with their risk, and we cannot ensure in all circumstances that their efforts will be successful. To manage our material risks from cybersecurity threats and to protect against, detect, and prepare to respond to cybersecurity incidents, we: Conduct periodic vulnerability assessments and mitigate vulnerabilities for our systems and processes that include sensitive data - 18 - Table of Contents Conduct regular security awareness trainings and phishing simulation attacks Carry cybersecurity risk insurance that provides protection against the potential losses arising from a cybersecurity incident and Perform periodic gap analyses to review our cybersecurity controls for gaps and implement the closure actions. Our incident response plan coordinates the activities that we and our third-party cybersecurity providers take to prepare to respond and recover from cybersecurity incidents, which include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. To date, we have not experienced any cybersecurity incidents that have had a material impact on our service, systems, business, financial condition, or results of operations. Any significant disruption to our service or access to our systems could adversely affect our business, results of operation and reputation. Further, a penetration of our systems or a third-party s systems or other misappropriation or misuse of personal information could subject us to business, regulatory, litigation and reputation risk, which could have a negative effect on our business, financial condition, and results of operations. See Risk Factors Cybersecurity Any significant disruption in or unauthorized access to our computer systems or those of third parties that we utilize in our operations, including those relating to cybersecurity or arising from cyber-attacks, could result in a loss or degradation of service, unauthorized disclosure of data, including corporation information, or theft of intellectual property, including digital content assets, which could adversely impact our business. Management has implemented risk management structures, policies, and procedures, and manages our risk exposure on a day-to-day basis. We have a cybersecurity organization within our operations department that focuses on current and emerging cybersecurity matters and leverages cybersecurity consultants and third-party cybersecurity firms.

Company Information