SHF Holdings, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

SHF Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:06:24 EDT.

Filings

10-K filed on 2024-04-01

SHF Holdings, Inc. filed an 10-K at 2024-04-01 16:06:24 EDT
Accession Number: 0001493152-24-012360

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. The Company employs internal resources and third-party service providers to manage, operate and administer our day-to-day operations, business and affairs, subject to the direction and supervision of the Board. The Board recognizes the critical importance of maintaining the trust and confidence of our business partners. The Board plays an active role in overseeing management of our risks, and cybersecurity represents an important component of the Company s overall approach to risk management and oversight. The Company and its management are committed to protecting the confidentiality of all non-public information related to the Company s clients, shareholders and their personnel. Risk Management and Strategy The Company relies on its Management and employees to execute its comprehensive cybersecurity program, and has adopted a written information security program, which is designed to address applicable requirements under Regulation S-P and the FTC Safeguards Rule. Consequently, the Company also relies on the processes for assessing, identifying, and managing material risks from cybersecurity threats. The processes include, among other things, maintaining secure digital or physical access to information assets, using manual and automated detection methods for malicious code, due diligence of third-party vendors, and engaging a leading provider of cybersecurity services to assess and manage cybersecurity risk. For third-party service vendors that perform a variety of important functions for our business, we seek to engage reliable, reputable service vendors that maintain cybersecurity programs. All of the Company s officers and employees are subject to its policies and procedures. The Company utilizes both internal and third-party cybersecurity services, including threat detection and response, vulnerability assessment and monitoring, security incident response and recovery and general cybersecurity education and awareness. We engage in periodic assessment and training regarding the policies, standards and practices designed to address cybersecurity threats and incidents. Our cybersecurity risk management is integrated into our overall enterprise risk management and shares common methodologies, reporting channels and governance processes that apply across our enterprise risk management. To date, we have not experienced any cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected the Company and we are not aware of any cybersecurity threats that are reasonably likely to affect the Company, including its business strategy, results of operations or financial condition. Governance Management oversees the Company s cybersecurity risk management process. Management has adopted a charter that provides to periodically review and discuss with the Board the guidelines and policies with respect to risk assessment and risk management of cybersecurity and other risk exposures relevant to the Company s computerized information system controls and security. Management may receive additional training in cybersecurity and data privacy matters to enable its oversight of such risks. Management will report to the Board on the substance of such reviews and discussions and, as necessary, recommend to the Board such actions as the Management deems appropriate. As noted above, the Company relies on our internal Information Systems in connection with the Company s day-to-day operations. The Company relies on the internal processes for assessing, identifying, and managing material risks from cybersecurity threats. The Company s Chief Financial Officer, Chief Legal Officer, and Head of IT work collaboratively with other employees of the Company to ensure protection of the Company s Information Systems from cybersecurity threats and to promptly respond to any cybersecurity incidents. These members of the Company s management team monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents and report such threats and incidents to the board when appropriate. They have gained relevant knowledge, skills and experience in information technology and cybersecurity risk management, including overseeing third-party vendors in such areas, over their careers at the Company or other organizations. 17 Table of Contents

Company Information