Grom Social Enterprises, Inc. 10-K Cybersecurity GRC - 2024-04-16

Page last updated on April 16, 2024

Grom Social Enterprises, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-16 17:20:58 EDT.

Filings

10-K filed on 2024-04-16

Grom Social Enterprises, Inc. filed an 10-K at 2024-04-16 17:20:58 EDT
Accession Number: 0001683168-24-002468

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity We regularly review our cybersecurity defenses to assess our vulnerability to cybersecurity attacks from viruses, malware and more sophisticated and targeted cyber-related attacks such as hackers looking to demand ransomware or access our systems to obtain information and data, as well as our vulnerability to cybersecurity failures resulting from human error and technological errors. We rely upon internal IT personnel working in conjunction with specialized outside security consultants on a day-to-day basis to conduct reviews and upgrade our systems when determined to be necessary. Our overall strategy in combatting cybersecurity risks includes a variety of measures, including: the use of antivirus software, virtual private networks, email security, as well as other software and system-wide measures such as multi-factor authorization to prevent and detect data intrusions deployment of updates and patches as they become available from our software suppliers and consultants and maintaining the current versions of major software to reduce the exposure to vulnerabilities the use of third-party services to conduct mandatory online training for all employees regarding identifying and avoiding cyber-security risks the review of the security procedures used by third parties that may host or otherwise have access to our systems the deployment of third-party cyber-security experts to perform penetration testing on our internal and external networks and systems in an effort to identify potential vulnerabilities and consideration of the cybersecurity risks posed by interacting with current and potential third-party service providers, suppliers and customers. We are not aware of any existent weakness in our systems or malware embedded in our systems that would materially affect, or are reasonably likely to materially affect, our operations. Board Oversight The Board, as a whole, has oversight responsibility for our strategic and operational risks. The Audit Committee of our Board, which is composed of all non-employee directors, is responsible for oversight of our efforts to eliminate cybersecurity risks. The Audit Committee meets regularly with our Chief Executive Officer and Chief Financial Officer and, in turn, reports its finding to the Board. 27

Company Information