XML 49 R34.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
SoundHound acknowledges the increasing importance of cybersecurity in its operations and recognizes the potential risks and threats associated with cyber incidents. The Company is committed to maintaining the confidentiality, integrity, and availability of its information systems and data. However, no system can be completely immune to cyber threats. We face a number of cybersecurity risks in connection with our business. To date, such risks have not materially affected our business, including threats to and breaches of our data systems, malware and computer virus attacks.
Risk Management and Strategy

The following information provides an overview of our approach to managing cybersecurity risks. The Company assesses, identifies and manages cybersecurity related risks. Cybersecurity related risks are evaluated to assess top risks to the enterprise on a bi-annual basis. SoundHound has implemented a comprehensive cybersecurity program designed to identify, assess, and manage cyber risks.

This program includes, but is not limited to:
Regular risk assessments and vulnerability assessments.
Implementation of industry-accepted cybersecurity controls and best practices.
Employee training and awareness programs to enhance the company's overall cybersecurity posture.
Continuous monitoring and incident response plans to detect and mitigate potential threats promptly.

We have a set of Company-wide policies and procedures concerning cybersecurity matters, such as policies related to encryption standards, antivirus protection, remote access, multi factor authentication, confidential information and the use of the internet, social media, email and wireless devices. These policies go through an annual internal review process and are approved by appropriate members of management.

We have continued to expand investments in IT security, including additional end-user training, using layered defenses, identifying and protecting critical assets, strengthening monitoring and alerting, and engaging experts. We regularly test defenses by performing simulations and drills at both a technical level and by reviewing our operational policies and procedures. We review our operational policies and procedures with third party experts on an annual basis as part of our annual audit process. We also maintain cyber insurance coverage.

In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. Our Vendor Management Team conducts an annual review of third-party hosted applications with a specific focus on any sensitive data shared with third parties. The internal business owners of the hosted applications are required to document user access reviews at least annually and provide from the vendor a System and Organization Controls (SOC) 1 or SOC 2 report. If a third-party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and assess our relationship on that basis. Our assessment of risks associated with use of third-party providers is part of our overall cybersecurity risk management framework.

SoundHound will report any cybersecurity incidents determined to be material. Material aspects of the nature, scope and timing of the incident, and the impact or reasonably likely impact of the incident on the Company, including on SoundHound’s financial condition and results of operations will be disclosed.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Risk Management and Strategy

The following information provides an overview of our approach to managing cybersecurity risks. The Company assesses, identifies and manages cybersecurity related risks. Cybersecurity related risks are evaluated to assess top risks to the enterprise on a bi-annual basis. SoundHound has implemented a comprehensive cybersecurity program designed to identify, assess, and manage cyber risks.

This program includes, but is not limited to:
Regular risk assessments and vulnerability assessments.
Implementation of industry-accepted cybersecurity controls and best practices.
Employee training and awareness programs to enhance the company's overall cybersecurity posture.
Continuous monitoring and incident response plans to detect and mitigate potential threats promptly.

We have a set of Company-wide policies and procedures concerning cybersecurity matters, such as policies related to encryption standards, antivirus protection, remote access, multi factor authentication, confidential information and the use of the internet, social media, email and wireless devices. These policies go through an annual internal review process and are approved by appropriate members of management.

We have continued to expand investments in IT security, including additional end-user training, using layered defenses, identifying and protecting critical assets, strengthening monitoring and alerting, and engaging experts. We regularly test defenses by performing simulations and drills at both a technical level and by reviewing our operational policies and procedures. We review our operational policies and procedures with third party experts on an annual basis as part of our annual audit process. We also maintain cyber insurance coverage.

In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. Our Vendor Management Team conducts an annual review of third-party hosted applications with a specific focus on any sensitive data shared with third parties. The internal business owners of the hosted applications are required to document user access reviews at least annually and provide from the vendor a System and Organization Controls (SOC) 1 or SOC 2 report. If a third-party vendor is not able to provide a SOC 1 or SOC 2 report, we take additional steps to assess their cybersecurity preparedness and assess our relationship on that basis. Our assessment of risks associated with use of third-party providers is part of our overall cybersecurity risk management framework.

SoundHound will report any cybersecurity incidents determined to be material. Material aspects of the nature, scope and timing of the incident, and the impact or reasonably likely impact of the incident on the Company, including on SoundHound’s financial condition and results of operations will be disclosed.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The audit committee oversees risks from cybersecurity threats as part of its broader risk oversight responsibilities. The board recognizes the importance of cybersecurity in safeguarding the company’s assets and operations.

SoundHound has a dedicated Information Security Management committee responsible for overseeing risks from cybersecurity threats. The committee’s charter outlines its specific responsibilities related to cybersecurity risk oversight, and assists senior management in fulfilling its oversight responsibilities by creating, implementing, overseeing and maintaining SoundHound’s Information Security Management System. The purpose of the ISMS is to protect the Company’s information systems and assets, taking into account the potential for external threats, internal threats, and threats arising from transactions with trusted third parties and vendors. The board of directors is informed of cybersecurity risks, at least annually, through established processes, including periodic briefings, reports, and updates on the evolving landscape of cybersecurity threats.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] SoundHound has a dedicated Information Security Management committee responsible for overseeing risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The board of directors is informed of cybersecurity risks, at least annually, through established processes, including periodic briefings, reports, and updates on the evolving landscape of cybersecurity threats.
Cybersecurity Risk Role of Management [Text Block]
SoundHound designates the Information Security Management Committee as responsible for assessing and managing cybersecurity risks. Committee members possess professional experience or backgrounds presenting relevant experience or capacity to address those matters within the scope of the Committee’s responsibility, including senior executives, department leaders, and subject matter experts. Committee members are familiar, or have the ability to quickly gain familiarity, with major technology platforms employed by the Company; have knowledge of technological ecosystems and challenges confronted in current or emerging business environments; have the capacity to understand new or emerging technologies and cyber security threats; are familiar, or have the ability to quickly gain familiarity, with information security principles, privacy regulations, standards, and guidelines; and possess experience relating to enterprise risk management and process.

We view cybersecurity as a shared responsibility. All employees are required to complete cybersecurity training as part of onboarding, on an annual basis and have access to more frequent cybersecurity training online. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training. The designated persons or committees actively monitor cybersecurity incidents through processes that monitor the prevention, detection, mitigation and remediation of cybersecurity incidents, including continuous assessment and adaptation to emerging threats.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] SoundHound designates the Information Security Management Committee as responsible for assessing and managing cybersecurity risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Committee members possess professional experience or backgrounds presenting relevant experience or capacity to address those matters within the scope of the Committee’s responsibility, including senior executives, department leaders, and subject matter experts. Committee members are familiar, or have the ability to quickly gain familiarity, with major technology platforms employed by the Company; have knowledge of technological ecosystems and challenges confronted in current or emerging business environments; have the capacity to understand new or emerging technologies and cyber security threats; are familiar, or have the ability to quickly gain familiarity, with information security principles, privacy regulations, standards, and guidelines; and possess experience relating to enterprise risk management and process.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
SoundHound has a dedicated Information Security Management committee responsible for overseeing risks from cybersecurity threats. The committee’s charter outlines its specific responsibilities related to cybersecurity risk oversight, and assists senior management in fulfilling its oversight responsibilities by creating, implementing, overseeing and maintaining SoundHound’s Information Security Management System. The purpose of the ISMS is to protect the Company’s information systems and assets, taking into account the potential for external threats, internal threats, and threats arising from transactions with trusted third parties and vendors. The board of directors is informed of cybersecurity risks, at least annually, through established processes, including periodic briefings, reports, and updates on the evolving landscape of cybersecurity threats.
SoundHound designates the Information Security Management Committee as responsible for assessing and managing cybersecurity risks. Committee members possess professional experience or backgrounds presenting relevant experience or capacity to address those matters within the scope of the Committee’s responsibility, including senior executives, department leaders, and subject matter experts. Committee members are familiar, or have the ability to quickly gain familiarity, with major technology platforms employed by the Company; have knowledge of technological ecosystems and challenges confronted in current or emerging business environments; have the capacity to understand new or emerging technologies and cyber security threats; are familiar, or have the ability to quickly gain familiarity, with information security principles, privacy regulations, standards, and guidelines; and possess experience relating to enterprise risk management and process.

We view cybersecurity as a shared responsibility. All employees are required to complete cybersecurity training as part of onboarding, on an annual basis and have access to more frequent cybersecurity training online. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training. The designated persons or committees actively monitor cybersecurity incidents through processes that monitor the prevention, detection, mitigation and remediation of cybersecurity incidents, including continuous assessment and adaptation to emerging threats.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true