Thursday, October 13, 2011
SEC Div. of Corporation Finance's disclosure obligations - cybersecurity risks and cyber incidents.
http://ow.ly/6WTHm
This is an official publication from the SEC for the Division of Corporation Finance regarding disclosure obligations for cybersecurity risks and cyber incidents.
The document states, "The statements in this CF Disclosure Guidance represent the views of the Division of Corporation Finance. This guidance is not a rule, regulation, or statement of the Securities and Exchange Commission. Further, the Commission has neither approved nor disapproved its content."
This statement offers guidance on what information should be disclosed, when it should be disclosed, and provides guidance for reporting cyber incidents for situations before, during and after incidents.
The guidance also states, "If a material pending legal proceeding to which a registrant or any of its subsidiaries is a party involves a cyber incident, the registrant may need to disclose information regarding this litigation in its “Legal Proceedings” disclosure. For example, if a significant amount of customer information is stolen, resulting in material litigation, the registrant should disclose the name of the court in which the proceedings are pending, the date instituted, the principal parties thereto, a description of the factual basis alleged to underlie the litigation, and the relief sought."
There are several points of guidance offered in this document, including points about discussing the type of business involved, and the nature and extent of the risk involved.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment