Risk Factors - RAVE

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$RAVE Risk Factor changes from 00/09/26/24/2024 to 00/09/25/25/2025

ITEM 1A. RISK FACTORS. RISK FACTORS. Not required for a smaller reporting company. ITEM 1B. ITEM 1B. UNRESOLVED STAFF COMMENTS. UNRESOLVED STAFF COMMENTS. Not applicable. ITEM 1C. ITEM 1C. CYBERSECURITY. The Company recognizes the critical importance of maintaining the safety and security of our systems and data and has a holistic process for overseeing and managing cybersecurity and related risks. The Company recognizes the critical importance of maintaining the safety and security of our systems and data and has a holistic process for overseeing and managing cybersecurity and related risks. The Company believes that cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our business strategy, results of operations or financial condition. The Company believes that cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our business strategy, results of operations or financial condition. 6 Index Cybersecurity Risk Management and Strategy Personnel The Company has an information security program and procedures in place to protect, identify, detect, respond to and manage reasonably foreseeable cybersecurity risks and threats. 6 Index Cybersecurity Risk Management and Strategy Personnel The Company has an information security program and procedures in place to protect, identify, detect, respond to and manage reasonably foreseeable cybersecurity risks and threats. The Company uses various security tools that help prevent, identify, investigate, resolve and recover from identified vulnerabilities and security incidents to protect our information systems and data from cybersecurity threats. This framework is implemented and overseen by management’s information security department which is led by the Information Technology (“IT”) Support Associate Director and overseen by the Company’s IT Steering Committee. This framework is implemented and overseen by management’s information security department which is led by the Information Technology (“IT”) Support Associate Director and overseen by the Company’s IT Steering Committee. The IT Support Associate Director has over twenty years of experience in technology management and cybersecurity. The IT Support Associate Director has over twenty years of experience in technology management and cybersecurity. The IT Steering Committee is comprised of the Company’s two Associate IT Directors, the CEO, and CFO and convenes quarterly to review IT control policies and procedures are properly followed and any new employees were properly onboarded in compliance with security procedures. The IT Steering Committee is comprised of the Company’s two Associate IT Directors, the CEO, and CFO and convenes quarterly to review IT control policies and procedures are properly followed and any new employees were properly onboarded in compliance with security procedures. Third-Party Engagement The Company employs third-party risk security vendors to identify, mitigate, and remediate cybersecurity risks; however, we rely on the third parties we use to implement security programs commensurate with their risks, and we cannot ensure in all circumstances that their efforts will be successful. Third Party Engagement The Company employs third party risk security vendors to identify, mitigate, and remediate cybersecurity risks; however, we rely on the third parties we use to implement security programs commensurate with their risks, and we cannot ensure in all circumstances that their efforts will be successful. The Company employs a third-party vendor to securely host the Company’s data in a cloud-based storage system. The third-party vendor conducts quarterly vulnerability scans on both the hosted data environment and the Company’s corporate data network. Scans of the Company’s firewall are conducted regularly by the third-party vendor. Any necessary remediation would also be provided by the third-party vendor after the scan, but none has been required. Any necessary remediation would also be provided by Contego after the scan, but none has been required. The Company uses multiple third-party developed software to continually monitor technology systems for viruses, malicious software, executable harmful files, and other cybersecurity risks. The Company uses SolarWinds with Sentinel One software from Contego to continually monitor technology systems for viruses, malicious software, executable harmful files, and other cybersecurity risks. The Company requires the annual submission of SOC 1 security certificates from our third-party vendors which have access to our financial and sales data. The Company requires the annual submission of SOC 1 security certificates from our third-party vendors which have access to our financial and sales data. The Company also maintains cybersecurity insurance providing coverage for certain costs related to security failures and specified cybersecurity related incidents. The Company recognizes that threat actors frequently target employees to gain unauthorized access to information systems. The Company recognizes that threat actors frequently target employees to gain unauthorized access to information systems. Therefore, each employee is required to complete information security and data privacy training to build awareness of cybersecurity risks to the organization. Therefore, each employee is required to complete information security and data privacy training to build awareness of cybersecurity risks to the organization. The Company has engaged a third-party vendor to periodically send each employee an email that mimics a potentially harmful phishing attempt each month and to report to management the results of the phishing security test. The Company has engaged third party vendor Knowbe4 to send each employee an email that mimics a potentially harmful phishing attempt each month and to report to management the results of the phishing security test. Governance The Board of Directors are acutely aware of the critical nature of managing risks associated with cybersecurity threats. Governance The Board of Directors are acutely aware of the critical nature of managing risks associated with cybersecurity threats. Each quarterly meeting, management presents a cybersecurity update which includes results of testing by third-party vendors and any suspected cybersecurity incidents to the entire Board of Directors. Each quarterly meeting, management presents a cybersecurity update which includes results of testing by third-party vendors and any suspected cybersecurity incidents to the entire Board of Directors. Management would report any material cybersecurity breach immediately to the full Board of Directors. The Company has a written policy for the employee reporting of any cybersecurity suspected incidents. The Audit Committee of the Board has the primary responsibility to oversee effective governance in managing risks associated with cybersecurity threats. The Audit Committee of the Board has the primary responsibility to oversee effective governance in managing risks associated with cybersecurity threats. Our Audit Committee is composed of members with diverse expertise, including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. Our Audit Committee is composed of members with diverse expertise, including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. . .