|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 16K. Cybersecurity.
Risk Management and Strategy
We have processes for assessing, identifying, and managing material risks from cybersecurity threats. The Company has designed and implemented a cybersecurity incident response plan and related processes, which are overseen by cybersecurity professionals.
Cybersecurity threats are identified and escalated to the audit committee or member thereof pursuant to criteria set forth in these processes. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers, if any.
We have implemented third-party risk management processes to manage material risks from cybersecurity threats associated with reliance on vendors, critical service providers, and other third parties we engage, such as software-as-a-service providers, data hosting companies, and contract research organizations. These processes include, for example, conducting risk assessment for certain vendors, reviewing vendor security assessments and questionnaires, and conducting annual reviews of vendor audits and reports. Depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, our third-party risk management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider.
The audit committee is responsible for establishing and monitoring the integrity and effectiveness of controls and other procedures, which are designed to ensure that (1) all information required to be disclosed is recorded, processed, summarized, and reported accurately and on a timely basis, and (2) all such information is accumulated and communicated to management and the audit committee, as appropriate, to allow for timely decisions regarding such disclosures. The controls and procedures subject to the audit committee’s oversight include processes related to managing material risks from cybersecurity threats. Accordingly, the Company’s cybersecurity processes have been integrated into the Company’s overall processes.
For additional information, see “Item 1.D. Risk Factors - A denial of service attack or security breach or incident could delay or interrupt service to Rezolve’s merchants and their customers, harm Rezolve’s reputation and subject Rezolve to significant liability.”
Governance
The audit committee operates under a written charter adopted by the Company’s Board of Directors. The audit committee of the Company’s Board of Directors oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is also responsible for the adequacy and effectiveness of the Company’s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats.
The audit committee is informed of material risks, if any, from cybersecurity threats pursuant to escalation criteria set forth in the Company’s disclosure controls and procedures. Further, at least once per quarter, the Company’s CISO reports material risks, if any, from cybersecurity threats to the Company’s audit committee and/or Board of Directors.
The Company’s management, including members of its audit committee and the Company’s Chief Information Security Officer ("CISO"), also assess and manage material risks, if any, from cybersecurity threats.
The audit committee is composed entirely of non-employee directors. The audit committee is responsible for establishing and monitoring the integrity and effectiveness of controls and other procedures, including controls and procedures related to managing material risks from cybersecurity threats, which are designed to ensure that (1) all information required to be disclosed is recorded, processed, summarized, and reported accurately and on a timely basis, and (2) all such information is accumulated and communicated to management and the Board of Directors, as appropriate, to allow for timely decisions regarding such disclosures.
The Company’s CISO oversees the Company’s incident response plan and related processes designed to assess and manage material risks, if any, from cybersecurity threats. The Company’s CISO also coordinates with consultants and other third parties to assess and manage material risks, if any, from cybersecurity threats. The Company’s CISO oversees the Company’s incident response plan and related processes designed to assess and manage material risks, if any, from cybersecurity threats.
The Company’s CISO's relevant cybersecurity expertise is comprised of 15+ years' experience within IT and Cyber Security; 1st Class BSc Hons Degree, Computer Science, ISO27001 Lead Auditor and Implementor; detailed knowledge of Security Frameworks including PCI DSS, ISO27001 and SOC. Risk Management and mitigation.
The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes. The Company’s CISO is also informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to notification criteria set forth in the Company’s contracts with third-party service providers. Further, the Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to reports prepared by consultants, auditors, and other third parties retained by the Company, if necessary, to investigate cybersecurity incidents.
The Company’s CISO or a delegate thereof informs the audit committee of cybersecurity incidents that may be material pursuant to escalation criteria set forth in the Company’s incident response plan and related processes.
The Company’s CISO or a delegate thereof also prepares a report for the audit committee and the Board of Directors, concerning material risks, if any, from cybersecurity threats at least once per quarter, and more often to the extent necessary pursuant to the escalation criteria set forth in the Company’s processes described herein.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The audit committee is responsible for establishing and monitoring the integrity and effectiveness of controls and other procedures, which are designed to ensure that (1) all information required to be disclosed is recorded, processed, summarized, and reported accurately and on a timely basis, and (2) all such information is accumulated and communicated to management and the audit committee, as appropriate, to allow for timely decisions regarding such disclosures. The controls and procedures subject to the audit committee’s oversight include processes related to managing material risks from cybersecurity threats. Accordingly, the Company’s cybersecurity processes have been integrated into the Company’s overall processes.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
The audit committee operates under a written charter adopted by the Company’s Board of Directors. The audit committee of the Company’s Board of Directors oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is also responsible for the adequacy and effectiveness of the Company’s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats.
The audit committee is informed of material risks, if any, from cybersecurity threats pursuant to escalation criteria set forth in the Company’s disclosure controls and procedures. Further, at least once per quarter, the Company’s CISO reports material risks, if any, from cybersecurity threats to the Company’s audit committee and/or Board of Directors.
The Company’s management, including members of its audit committee and the Company’s Chief Information Security Officer ("CISO"), also assess and manage material risks, if any, from cybersecurity threats.
The audit committee is composed entirely of non-employee directors. The audit committee is responsible for establishing and monitoring the integrity and effectiveness of controls and other procedures, including controls and procedures related to managing material risks from cybersecurity threats, which are designed to ensure that (1) all information required to be disclosed is recorded, processed, summarized, and reported accurately and on a timely basis, and (2) all such information is accumulated and communicated to management and the Board of Directors, as appropriate, to allow for timely decisions regarding such disclosures.
The Company’s CISO oversees the Company’s incident response plan and related processes designed to assess and manage material risks, if any, from cybersecurity threats. The Company’s CISO also coordinates with consultants and other third parties to assess and manage material risks, if any, from cybersecurity threats. The Company’s CISO oversees the Company’s incident response plan and related processes designed to assess and manage material risks, if any, from cybersecurity threats.
The Company’s CISO's relevant cybersecurity expertise is comprised of 15+ years' experience within IT and Cyber Security; 1st Class BSc Hons Degree, Computer Science, ISO27001 Lead Auditor and Implementor; detailed knowledge of Security Frameworks including PCI DSS, ISO27001 and SOC. Risk Management and mitigation.
The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes. The Company’s CISO is also informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to notification criteria set forth in the Company’s contracts with third-party service providers. Further, the Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to reports prepared by consultants, auditors, and other third parties retained by the Company, if necessary, to investigate cybersecurity incidents.
The Company’s CISO or a delegate thereof informs the audit committee of cybersecurity incidents that may be material pursuant to escalation criteria set forth in the Company’s incident response plan and related processes.
The Company’s CISO or a delegate thereof also prepares a report for the audit committee and the Board of Directors, concerning material risks, if any, from cybersecurity threats at least once per quarter, and more often to the extent necessary pursuant to the escalation criteria set forth in the Company’s processes described herein.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The audit committee is also responsible for the adequacy and effectiveness of the Company’s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The audit committee is informed of material risks, if any, from cybersecurity threats pursuant to escalation criteria set forth in the Company’s disclosure controls and procedures. Further, at least once per quarter, the Company’s CISO reports material risks, if any, from cybersecurity threats to the Company’s audit committee and/or Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|
Governance
The audit committee operates under a written charter adopted by the Company’s Board of Directors. The audit committee of the Company’s Board of Directors oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is also responsible for the adequacy and effectiveness of the Company’s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats.
The audit committee is informed of material risks, if any, from cybersecurity threats pursuant to escalation criteria set forth in the Company’s disclosure controls and procedures. Further, at least once per quarter, the Company’s CISO reports material risks, if any, from cybersecurity threats to the Company’s audit committee and/or Board of Directors.
The Company’s management, including members of its audit committee and the Company’s Chief Information Security Officer ("CISO"), also assess and manage material risks, if any, from cybersecurity threats.
The audit committee is composed entirely of non-employee directors. The audit committee is responsible for establishing and monitoring the integrity and effectiveness of controls and other procedures, including controls and procedures related to managing material risks from cybersecurity threats, which are designed to ensure that (1) all information required to be disclosed is recorded, processed, summarized, and reported accurately and on a timely basis, and (2) all such information is accumulated and communicated to management and the Board of Directors, as appropriate, to allow for timely decisions regarding such disclosures.
The Company’s CISO oversees the Company’s incident response plan and related processes designed to assess and manage material risks, if any, from cybersecurity threats. The Company’s CISO also coordinates with consultants and other third parties to assess and manage material risks, if any, from cybersecurity threats. The Company’s CISO oversees the Company’s incident response plan and related processes designed to assess and manage material risks, if any, from cybersecurity threats.
The Company’s CISO's relevant cybersecurity expertise is comprised of 15+ years' experience within IT and Cyber Security; 1st Class BSc Hons Degree, Computer Science, ISO27001 Lead Auditor and Implementor; detailed knowledge of Security Frameworks including PCI DSS, ISO27001 and SOC. Risk Management and mitigation.
The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes. The Company’s CISO is also informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to notification criteria set forth in the Company’s contracts with third-party service providers. Further, the Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to reports prepared by consultants, auditors, and other third parties retained by the Company, if necessary, to investigate cybersecurity incidents.
The Company’s CISO or a delegate thereof informs the audit committee of cybersecurity incidents that may be material pursuant to escalation criteria set forth in the Company’s incident response plan and related processes.
The Company’s CISO or a delegate thereof also prepares a report for the audit committee and the Board of Directors, concerning material risks, if any, from cybersecurity threats at least once per quarter, and more often to the extent necessary pursuant to the escalation criteria set forth in the Company’s processes described herein.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The audit committee is composed entirely of non-employee directors. The audit committee is responsible for establishing and monitoring the integrity and effectiveness of controls and other procedures, including controls and procedures related to managing material risks from cybersecurity threats, which are designed to ensure that (1) all information required to be disclosed is recorded, processed, summarized, and reported accurately and on a timely basis, and (2) all such information is accumulated and communicated to management and the Board of Directors, as appropriate, to allow for timely decisions regarding such disclosures.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Company’s CISO's relevant cybersecurity expertise is comprised of 15+ years' experience within IT and Cyber Security; 1st Class BSc Hons Degree, Computer Science, ISO27001 Lead Auditor and Implementor; detailed knowledge of Security Frameworks including PCI DSS, ISO27001 and SOC. Risk Management and mitigation.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company’s incident response plan and related processes. The Company’s CISO is also informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to notification criteria set forth in the Company’s contracts with third-party service providers. Further, the Company’s CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to reports prepared by consultants, auditors, and other third parties retained by the Company, if necessary, to investigate cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef