Powerfleet, Inc. 10-K Cybersecurity GRC - 2024-05-09

Page last updated on August 22, 2024

Powerfleet, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-09 17:31:19 EDT.

Filings

10-K filed on 2024-05-09

Powerfleet, Inc. filed a 10-K at 2024-05-09 17:31:19 EDT
Accession Number: 0001493152-24-018526

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Governance Our board of directors has the ultimate oversight responsibility for the risk management process and regularly reviews issues that present particular risk to us, including those involving cybersecurity. Our board is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks and mitigate and remediate cybersecurity threats and incidents. Our management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. In managing cybersecurity risks, we adhere to a structured framework that outlines the roles and responsibilities of management positions and committees. Our Director of Security and Network Management (“SNM”) leads our cybersecurity initiative, holding various information technology (“IT”) and security certificates and possessing over 20 years of experience in risk assessments, regulatory compliance (across various frameworks such as ISO 27001, NIST, and GDPR), threat intelligence gathering, and orchestrating coordinated incident response efforts. Our Director of SNM ensures that our cybersecurity team is equipped with up-to-date threat intelligence and uses industry leading tools for threat monitoring and incident response. The cybersecurity team, led by our Director of SNM, is a collective of highly qualified individuals with diverse backgrounds in IT, security, cyber risk management, and digital forensics, and holding various professional certifications (such as CISA, GRCP, IPMP, IDPP, CEH, ISO27001). Under the Director of SNM’s leadership, our cybersecurity team continuously monitors for threats and implements necessary security controls, conducting regular reviews and updates to the cybersecurity strategy. Any potential or actual cybersecurity incidents are assessed for their financial impact by our Director of SNM and reported to our Chief Financial Officer for a comprehensive risk analysis. Additionally, we have an Information Security Steering Committee (the “ISS Committee”), which plays a pivotal role in the governance of our cybersecurity posture. Members of the ISS Committee are selected for their domain-specific expertise and strategic vision, with representation from our IT, security, finance, legal, operations, and compliance sectors. The ISS Committee is an assembly of cross-functional senior leaders from various groups within our company. Led by the Director of SNM, the ISS Committee’s function extends to the formulation of cybersecurity policies, setting risk management priorities and driving the adoption of security best practices across our company. By leveraging the collective expertise of the ISS Committee, we believe we ensure cybersecurity considerations are integrated into our company’s organizational strategy and decision-making processes. Our Director of SNM and Chief Financial Officer report material cybersecurity risks to our board of directors based on their and the ISS Committee’s assessment of risk. Cybersecurity Risk Management and Strategy Our processes for assessing, identifying, and managing cybersecurity threats are designed to be thorough and transparent, ensuring that investors have a clear understanding of our commitment to cybersecurity. Our cybersecurity team collaborates with leaders from each department to ensure cybersecurity risks are considered alongside operational, financial, and strategic risks. We conduct regular cybersecurity risk assessments as part of our enterprise risk management program, ensuring that the cybersecurity risks are tracked, rated, and managed with the same rigor as all other company risks. We regularly engage with external assessors, consultants, and auditors to ensure our cybersecurity practices are up to date and aligned with industry standards. These third parties conduct independent audits of our cybersecurity measures and validate the effectiveness of our risk management processes. We also engage specialized cybersecurity firms to perform penetration testing and vulnerability assessments. We have processes in place to manage and mitigate risks associated with the use of third-party service providers., including, but not limited to conducting due diligence before onboarding new service providers and continuously monitoring their compliance with our security standards. We require service providers to undergo regular security assessments, and we ensure that such providers have robust incident response plans in place during our engagement. To date, no risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our business, our business strategy, our results of operations or our financial condition. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under “Item 1A. Risk Factors”.

Company Information