Page last updated on September 8, 2025
REGIS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-09-03 06:03:44 EDT.
Filings
10-K filed on 2025-09-03
REGIS CORP filed a 10-K at 2025-09-03 06:03:44 EDT
Accession Number: 0000716643-25-000031
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity We have defined policies and procedures for cybersecurity incident detection, containment, response, and remediation and have adopted physical, technological, and administrative cybersecurity and data privacy controls. The Company established a cybersecurity incident response plan, which includes classification of cybersecurity incidents, to whom to escalate an incident, and when to escalate a cybersecurity incident, including direct communication to the Director of Information Security, Vice President of IT, our President and our Board of Directors . The Audit Committee receives periodic reports on the Company’s cybersecurity measures, protections, response plans, etc. The Company regularly conducts risk assessments and tracks remediation to completion. Critical systems are periodically audited against industry standards. Key elements of our cybersecurity risk management program include, but are not limited to, the following: - Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment; - A security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; - The use of external service providers , where appropriate, to assess, test or otherwise assist with aspects of our security processes; - Cybersecurity awareness training of our employees; - A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and - A third-party risk management process for service providers based on our assessment of their criticality to our operations and respective risk profile. Our Director of Information Security directs, coordinates, plans, and organizes information security activities throughout the Company, including leading the development of our cybersecurity risk management strategy. Our Director of Information Security has more than 35 years of relevant IT experience, including 20 years directly managing information security, holds professional certifications including ISC(2)’s Certified Information Systems Security Professional (CISSP-issued 2006) and ISACA’s Certified Information Security Manager (CISM-issued 2006), and has ongoing involvement in various professional organizations, including serving for the last 15 years on the governing body of the Gartner/Evanta Minneapolis CISO summit, and is a member of the Minnesota chapter of ISACA. We have not historically been materially impacted by risks from cybersecurity threats and as of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business.
Company Information
| Name | REGIS CORP |
| CIK | 0000716643 |
| SIC Description | Services-Personal Services |
| Ticker | RGS - Nasdaq |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | June 29 |