In late July, the Securities and Exchange Commission (SEC) adopted rules that require registered companies to annually report on their cybersecurity risk management, strategy and governance.
As a result of this change, companies will need Regulation S-K disclosure language that describes their cybersecurity risk management and governance programs. That language must describe the components of the risk management program, including the process, such as Duty of Care Risk Analysis (DoCRA), used to evaluate cybersecurity risks.
In addition, there is a new requirement that companies must disclose a cybersecurity incident within four business days of determining that it is material.
There is limited time to meet these new requirements, as they must be reported in the Form 10-K and Form 20-F disclosures for fiscal year 2023.
Learn how to meet the new requirements presented in the July 2023 SEC ruling.
Target Audience: C-Suite, Compliance Executives, Investor Relations
When: Thursday, September 28, 2023 | 2:00 PM Eastern Daylight Time
Cost: No Charge
- Willy Fabritius, Global Head of Strategy & Business Development Information Security, SGS
- Chris Cronin, Partner, Halock Security Labs
- Cindy Haight, Inside Sales Representative, Industrial & Medical Device, SGS North America, Inc.
Willy Fabritius, Global Head of Strategy & Business Development Information Security, SGS
Willy has an MSc in Computer Science. For more than 25 years, Willy has held management positions with organizations in the private sector. His experience with management systems goes back to 1994, when he implemented an ISO 9002:1994 QMS at a stamping facility in Germany that was certified in less than 12 months.
He is a qualified lead auditor for a variety of standards: ISO 9001, ISO 27001, CSA STAR, ISO 27701 and ISO 22301, and has audited multiple Fortune 100 organizations against these standards. Willy has worked for several global certification bodies and delivered thousands of audits in APEC, Africa, Europe and the Americas.
Willy was the Global Head for Information Security, Privacy and Business Continuity for one of the largest third-party certification bodies before joining SGS as the Global Head for Strategy and Business Development.
Chris Cronin, Partner, Halock Security Labs
Chris Cronin is a Partner at Halock Security Labs, a US-based risk management and cybersecurity consulting firm. Chris and his team help organizations manage their information security risks, and they work with U.S. regulators and attorneys as expert witnesses in data breach cases. Fluent in technology, regulations, management, audit, and the law, Chris has wide-ranging expertise that helps organizations understand how well-designed information and cyber security programs align with business interests and legal expectations. Chris developed Duty of Care Risk Analysis (DoCRA) and CIS RAM to help management, cybersecurity experts, and attorneys work toward a common goal of "reasonable" security. U.S.-based regulators have been using DoCRA as a test for reasonable security when it is applied to ISO 27001, the NIST Risk Management Framework, CIS Controls, PCI DSS, or other frameworks to secure important information assets.
Cindy Haight, Inside Sales Representative, Industrial & Medical Device, SGS North America, Inc.
Cindy joined SGS North America one year ago to work in the Knowledge Solutions Division. Her focus is to assist customers with certification to core ISO standards, ISO 13485 and SMETA, and she also works in support of SGS Academy. Cindy began her career in the certification industry 20 years ago as a Global Key Account Manager for Bureau Veritas, where she helped large international companies achieve their certification objectives. In 2016, she moved to the Training Department, where she was responsible for customer support, sales and many operational processes, until joining SGS in January 2022.
SOURCE: SGS Certification Solutions