CONNS INC 10-K Cybersecurity GRC - 2024-04-18

Page last updated on April 19, 2024

CONNS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-18 11:52:17 EDT.

Filings

10-K filed on 2024-04-18

CONNS INC filed a 10-K at 2024-04-18 11:52:17 EDT
Accession Number: 0001223389-24-000028


Item 1C. Cybersecurity.

Leadership and Governance

Our organization is guided by our Chief Information Security Officer (CISO) who leads our enterprise-wide cybersecurity strategy, compliance, policy, standards, architecture, cyber operations, risk management, governance, and processes. With over 25 years of experience in Information Security, including 14 years as a CISO for several multi-billion-dollar organizations, our CISO brings unparalleled expertise to our security initiatives.

Executive Reporting

Our CISO provides periodic security and risk management updates to executive leadership, the board of directors, and audit committee, ensuring comprehensive awareness and oversight of our security posture. Updates are delivered during quarterly meetings with executive leadership and bi-annual meetings with the audit committee. Topics related to cybersecurity risk, control maturity, incident management, compliance posture, and security improvement initiatives are addressed during these meetings.

Standards and Frameworks

Our cybersecurity program aligns with leading industry standards, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The NIST CSF provides a structured and flexible approach to managing cybersecurity risk, enabling us to effectively identify, protect, detect, respond to, and recover from cyber threats. By adhering to NIST standards, we enhance our resilience and ensure alignment with recognized best practices.

Thought Leadership and Collaboration

We leverage thought leadership from key vendors, business partners, and industry intelligence sources to stay abreast of emerging threats and align with best practices. This collaborative approach enables us to proactively respond to evolving cyber risks while effectively managing risk in line with our organizational risk appetite.

Continuous Monitoring and Response

Our security operations include 24/7 monitoring conducted by a third-party provider in collaboration with internal teams. Conn’s has implemented vendor management controls that ensure our service providers practice due diligence and due care when providing professional services to Conn’s or managing our data. Additionally, Conn’s has implemented risk management processes to monitor for cybersecurity threats associated with vendors who have access to our systems, applications, or data. This proactive approach ensures timely detection and response to cybersecurity threats, minimizing the potential impact on our business operations and financial condition.

Incident Management

As of the date of this Annual Report on Form 10-K, there are no known security threats or incidents that are likely to materially affect our business strategy, operations, or financial condition. We maintain robust incident management processes to swiftly address any security incidents that may arise, mitigating their impact and preserving the integrity of our operations.

In conclusion, our information security program is underpinned by strong leadership, adherence to industry standards, proactive monitoring, and collaboration with internal and external stakeholders. By prioritizing cybersecurity and risk management, we uphold our commitment to safeguarding our assets, maintaining operational resilience, and protecting the interests of our stockholders.


Company Information

Name: CONNS INC
CIK: 0001223389
SIC Description: Retail-Radio, Tv & Consumer Electronics Stores
Ticker: CONN - Nasdaq
Website:
Category: Accelerated filer
Fiscal Year End: January 30