iCoreConnect Inc. 10-K Cybersecurity GRC - 2024-04-18

Page last updated on April 19, 2024

iCoreConnect Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-18 18:23:12 EDT.

Filings

10-K filed on 2024-04-18

iCoreConnect Inc. filed an 10-K at 2024-04-18 18:23:12 EDT
Accession Number: 0001477932-24-002244

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We utilize a Cloud-only architecture which enables us to reduce risk by leveraging the scalability, high availability, and advanced security features of cloud platforms, thereby minimizing the potential for system downtime and data breaches while ensuring seamless disaster recovery options. All 3rd party vendors’ security policies are reviewed and updated as part of our annual Security Risk Assessment. Access to sensitive data is strictly regulated and provided on a need to know basis. Access is granted for the express purpose of assisting our customers with technical and training issues related to the use of our SaaS products or for the purpose of research, design and development of product related features and bugfixes. Risk management in software development involves identifying, assessing, and mitigating risks that could impact the project’s success. This strategy begins with a thorough risk identification process, where potential issues such as technical challenges, project scope changes, and resource constraints are recognized early. Each risk is then assessed for its probability of occurrence and potential impact on the project. Based on this assessment, risk mitigation strategies are developed and implemented. These strategies might include adopting flexible project management methodologies like Agile, investing in training for team members, implementing robust testing and quality assurance processes, and maintaining open communication channels with all stakeholders. Additionally, regular risk reviews are conducted throughout the project lifecycle to ensure that new risks are identified and managed promptly. The Company s Cybersecurity Policies are updated annually and reviewed by Independent 3rd Party Vendors to certify compliance. The Company requires Cybersecurity Awareness training for all new hires and a minimum of an annual review of such policies for all employees. The Company created and deployed an extensive Learning Management System that tracks employee adherence to Cyber Security Awareness, HIPAA and other related content. The Company s Cybersecurity Incident Response Policy provides specific steps for any employee that detects an attack to take to help stop the propagation of the threat and report the incident to their Superiors, the IT Team and the Security Manager. While there are significant threats of all types in the modern connected world, studies show that phishing attacks and social engineering through email and other electronic means are of high concern. With the vast majority (some say as high as 95%) of such attacks originating via email, employee education on how to identify and handle suspicious email and other forms of communication is critical in protecting the data and infrastructure. To date, we have not experienced any cybersecurity incidents that have materially affected our business strategy, results of operations or financial condition. Governance The Board is responsible for general risk oversight. The Board reviews and evaluates management’s evaluation and mitigation of cyber risks as part of its oversight of the Company’s Risk Management program. Management periodically reviews cyber risks, incidents, and risk mitigation plans and activities with the Board. We engaged an outside consulting firm to conduct a review of our information systems environment and make recommendations to improve security where appropriate. Management shared the report’s findings with the Board and periodically updates the Board regarding our progress on implementing the report’s recommendations.

Company Information