October 11, 2024
Division of Corporate Finance
United States Securities and Exchange Commission
100 F Street, NE
Washington, DC 20549
Re: New Peoples Bankshares, Inc.
Form 10-K for Fiscal Year Ended December 31, 2023
File No. 000-33441
Dear Ms. Brown and Mr. Lopez:
In response to the letter dated September 24, 2024, New Peoples Bankshares, Inc. offers the following reply:
|1.
|We note the description of your processes for assessing, identifying, and managing material risks from cybersecurity threats. Please revise to address whether you engage assessors, consultants, auditors, or other third parties in connection with any such processes. See Item 106(b)(1)(ii) of Regulation S-K.
We engage various third parties to assist us in identifying, assessing and responding to cybersecurity threats. This includes around-the-clock managed firewall services and managed detection and response services provided by various third parties. In addition, we engage third parties to test the vulnerability of our cybersecurity infrastructure on a regular basis and we have a third-party assessment performed annually.
We will enhance our disclosures in future filings on Form 10-K to incorporate the above information, as well as any subsequent changes to our procedures, policies or personnel, as appropriate.
|2.
|We note your disclosure that your third-party service providers are under constant threat of cybersecurity attack. Please revise to disclose whether you have processes to oversee and identify risks from threats associated with your use of such third party services providers. Refer to Item 106(b)(1)(iii) of Regulation S-K.
We use a variety of methods and tools to assess a third-party vendor’s controls related to cybersecurity threats, such as obtaining proof a provider’s independent testing of data protection controls, imposition of contractual obligations and reviews of data protection controls such as backups, encryption standards and disaster recovery. Our information technology and vendor risk management functions assess information technology and cybersecurity third party providers as part of the initial determination process and then periodically thereafter. These third-party service providers are in regular contact with our information technology personnel, and we monitor other sources for information that any of these providers may have encountered cybersecurity threats.
We will enhance our disclosures in future filings on Form 10-K to incorporate the above information, as well as any subsequent changes to our procedures, policies or personnel, as appropriate.
|3.
|We note that your Information Security Officer is primarily responsible for the cybersecurity component of your risk management program, which coordinates with the Incident Response Plan and key members of management. Please revise to provide the relevant expertise of the ISO and such other persons or members you identify who are responsible for assessing and managing such risks, in such detail as necessary to fully describe the nature of the expertise. Refer to Item 106(c)(2)(i) of Regulation S-K.
Our Information Security Officer has over twenty years of information technology and security experience backed by an undergraduate degree in information technology and various information technology and network certifications. Aside from the Information Security Officer, cybersecurity support is provided by our Director of Information Technology who has over twenty-five years of related experience and undergraduate and post graduate degrees in business engineering and information technology, along with various information technology and network certifications; and our Chief Information Officer who has twenty years of financial sector information technology and information security administration and management backed by undergraduate and post graduate degrees in information technology, as well as various information technology and network certifications, including Certified Information Systems Security Professional certification.
We will enhance our disclosures in future filings on Form 10-K to incorporate the above information, as well as any subsequent changes to our procedures, policies or personnel, as appropriate.
Sincerely,
/s/ Christopher G. Speaks
Christopher G. Speaks
Chief Financial Officer and Executive Vice President