Apr. 07, 2022
Hi, I’m one of the Grant Thornton IT senior managers, responsible for SOX projects and I have some questions regarding the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Please, can you inform the following: What is the period/ How long the companies will have to have all these adjustments implemented in their processes? There’s any deadline? There will be any template with an example of the Forms filled with the required cyber information? One of the takeaways defines that material cybersecurity incidents should be reported within four days in the Form 8-K. There’s any definition of what is “material”? Is it a subject decision of each company? Regards, Felipe Pereira Duarte, CISA, CDPSE Senior Manager | Risk IT Advisory Services Grant Thornton Brasil T C E Rua Voluntários da Pátria, 89 - 5º Andar | Botafogo 22.270-010 | Rio de Janeiro (RJ) | Brasil