![]() Each vendor’s reporting process and incident response framework should be closely assessed. Companies should therefore understand each vendor’s cybersecurity framework, including risk management, strategy, and governance disclosure processes. Hence, required disclosures extend to systems owned by third-party vendors. Such information systems include those owned or used by the company. For prospective vendors, companies should perform a thorough cybersecurity due diligence investigation now more than ever because required disclosures of cybersecurity incidents include unauthorized occurrences and “related unauthorized occurrences” on the company’s information systems that jeopardize the confidentiality, integrity, and/or availability of the company’s information systems or any information residing therein. Such revisions may include adding express provisions to address claims or liabilities arising from the required disclosures under new Item 1.05 of Form 8-K, which requires disclosure within four business days if a registrant experiences a “cybersecurity incident” that is determined to be material. Companies should review protections in existing vendor contracts that address cybersecurity incidents and determine whether any contractual revisions or changes are needed to accommodate the Final Rules. In light of the changes brought by the Final Rules, public companies should consider the following actions: ![]() Beginning in December 2023, the Final Rules will require public companies to promptly disclose material cybersecurity incidents and information regarding their cybersecurity risk management, strategy, and governance 2.This alert focuses on practical preparation tools for companies facing compliance with the requirements of the Final Rules. Securities and Exchange Commission (“SEC”) adopted final rules relating to enhanced cybersecurity disclosures, which became effective on Septem(the “Final Rules”) 1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |