REGO PAYMENT ARCHITECTURES, INC. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

REGO PAYMENT ARCHITECTURES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:30:41 EDT.

Filings

10-K filed on 2024-04-01

REGO PAYMENT ARCHITECTURES, INC. filed an 10-K at 2024-04-01 16:30:41 EDT
Accession Number: 0001214659-24-005793

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Our corporate information technology, communication networks, enterprise applications, accounting and financial reporting platforms, and related systems, and those that we offer to our customers are necessary for the operation of our business. We use these systems, among others, to manage our customer and vendor relationships, for internal communications, for accounting to operate record-keeping functions, and for many other key aspects of our business. Our business operations rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data. We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and tenant data ( Information Systems and Data ). We identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and/or policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including risk assessments and incident detection and response. We work with third parties from time to time that assist us to identify, assess, and manage cybersecurity risks, including professional services firms and consulting firms. To operate our business, we utilize certain third-party service providers to perform a variety of functions. We seek to engage reliable, reputable service providers that maintain cybersecurity programs. We are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition. Governance Our full Board oversees the Company s enterprise risk management process, including the management of risks arising from cybersecurity threats. The Board receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed. 22 Table of Contents Management plays a crucial role in assessing and managing material risks from cybersecurity threats. At the management level, the Company s cybersecurity risk management and strategy is led by its Head of Product and Operations, who reports to the CEO. The qualifications of the Head of Product and Operations include over 20 years of IT management, cybersecurity, and information governance experience. The Head of Product and Operations is regularly informed about the latest developments in cybersecurity, including emerging threats and technologies to adapt security measures accordingly. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. Management s role includes: Risk Assessment : Management conducts annual cybersecurity risk assessments to identify and evaluate potential threats and vulnerabilities. Management considers the likelihood and potential impact of various cybersecurity risks, considering the Company s assets, systems, and operations, to prioritize mitigation efforts. Compliance with Regulations : Management implements and maintains compliance with relevant cybersecurity regulations and standards applicable to the Company. The Head of Product and Operations is promptly informed of potential cybersecurity risks, threats, and vulnerabilities by any employees or consultants. Once an incident has been identified, the Head of Product and Operations and the security consulting team assess the criticality and impact of the incident on the Company s business operations. The Head of Product and Operations then formulates and oversees a response to contain, eradicate and resolve incidents in accordance with the Company s incident response plan. Management is responsible for reporting incidents to the appropriate authorities as necessary and engaging the senior leadership on all material incidents.

Company Information