Gaucho Group Holdings, Inc. 10-K Cybersecurity GRC - 2024-04-29

Page last updated on April 30, 2024

Gaucho Group Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-29 21:44:27 EDT.

Filings

10-K filed on 2024-04-29

Gaucho Group Holdings, Inc. filed an 10-K at 2024-04-29 21:44:27 EDT
Accession Number: 0001493152-24-017110

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy The Company s information security program consists of various processes designed to ensure that the Company and its electronic assets are shielded from cyber events that may compromise the Company s ability to successfully execute its business on a day-to-day basis. These processes cover areas such as, but not limited to, risk management, access control, anti-virus management, sensitive data management, electronic communication, risk/security reporting, incident response planning and business continuation planning. Our Information Security Team is comprised of our Chief Financial Officer, Ambassador Director of Marketing, Accounting Manager, and Accounting Support. It is responsible for (i) administering the Company s policies and procedures in conjunction with our third-party information technology provider, Fairdinkum ( IT Provider ) (ii) distributing our policies to employees and consultants and providing training (iii) responding to employee or consultant inquiries regarding our policies (iv) overseeing our cybersecurity program and leading incident response efforts (v) monitoring for cybersecurity-related legal or regulatory developments coordinating with management, our IT Provider and /or legal counsel to discuss cybersecurity-related issues or topics and (vi) reviewing and updating our policies as necessary and on an annual basis. The Information Security Team carries out risk management primarily by outsourcing risks to those companies and agencies that specialize in handling such risks and that have the appropriate resources to do so. Our IT Provider has more than 20 years of experience in the latest technologies, experiences in a variety of network configurations. The IT Provider also has the ability to analyze cybersecurity presence and technology processes to provide reports as needed. The IT Provider currently manages and monitors our network, configures systems and controls, provides assistance and support during an incident and detects threats through antivirus scans, firewalls and base level spam filters. The Information Security Team meets quarterly with our IT Provider and notifies our IT Provider in real time of any major issues. The Information Security Team has engaged Drawbridge in the past for annual testing. Governance Management is ultimately responsible for assessing and managing the Company s cybersecurity risk. The information security program is overseen by the Chief Financial Officer. The Audit Committee of the Board is then briefed each quarter on the occurrence of any cybersecurity incidents. The Board will also be provided an overview of the information security program on an annual basis, including updates on the IT team, IT training, implementation of IT controls, cybersecurity testing, the incident response process and the cybersecurity assets of the Company. In the last fiscal year, we have not identified any risks from known cybersecurity threats that have materially affected the Company or our financial position, results of operations and/or cash flows. We continue to invest in cybersecurity and the resiliency of our networks and to enhance our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. For more information regarding the risks we face from cybersecurity threats, please see Risk Factors. 63

Company Information