XML 46 R28.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk management and strategy

We have a cybersecurity program for assessing, identifying, and managing material risks from cybersecurity threats, and we monitor the prevention, detection, mitigation and remediation of cybersecurity incidents, as applicable. We believe our cybersecurity program is reasonably designed to materially protect the security of our data and the data in our possession. Our policies and procedures address security governance, security awareness and training, access management, vulnerability management, penetration testing, security monitoring and incident response. In addition, our employees regularly undergo continuing cybersecurity training, and employees in higher-risk functions receive additional training and cybersecurity awareness education. Audits, cybersecurity simulations and employee testing results indicate that our program is effective in protecting our information. We also engage regularly with third parties to evaluate the strength of our program through penetration testing, vulnerability testing and mock phishing campaigns to identify and mitigate risks. We have policies and processes to govern third-party access and reduce the risks associated with such access. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

AudioCodes’ risk management and strategy is based on the following principles:

Risk management is a continuous, cyclical process that involves six steps: (1) establishing context; (2) identifying and describing risks; (3) quantifying and assessing risks; (4) taking action to control risks; (5) monitoring and reviewing risks; (6), and communicating and consulting about risks.
Risk management is a key organizational responsibility that aims to identify and control all risks that might have an impact on the organization’s objectives, its employees, and the people it interacts with.
Risk management is a good management practice and central to the effective running of the organization. AudioCodes will seek to ensure that any decisions made on behalf of the organization are taken with due consideration of the effective management of risks.
Risk management is supported by an annual external audit and review of governance, risk management, and internal controls, as well as regular internal audits and reports.
AudioCodes shall seek to implement the information security controls as detailed in its work plan and risk assessment table.
AudioCodes has assigned clear roles and responsibilities for risk management to its senior management, the CISO, its employees and its contractors.

Our systems face cybersecurity risks, and although such risks have not to date materially affected, and we do not believe they are reasonably likely to materially affect, us, our business strategy, results of operations or financial condition, we may, from time to time, experience threats to and security incidents related to our data and systems. We can provide no assurance that we will not experience any material cybersecurity threats or incidents in the future. See Item 3.D, “Key Information – Risk Factors – A data security or privacy breach could adversely affect our business and services.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

AudioCodes’ risk management and strategy is based on the following principles:

Risk management is a continuous, cyclical process that involves six steps: (1) establishing context; (2) identifying and describing risks; (3) quantifying and assessing risks; (4) taking action to control risks; (5) monitoring and reviewing risks; (6), and communicating and consulting about risks.
Risk management is a key organizational responsibility that aims to identify and control all risks that might have an impact on the organization’s objectives, its employees, and the people it interacts with.
Risk management is a good management practice and central to the effective running of the organization. AudioCodes will seek to ensure that any decisions made on behalf of the organization are taken with due consideration of the effective management of risks.
Risk management is supported by an annual external audit and review of governance, risk management, and internal controls, as well as regular internal audits and reports.
AudioCodes shall seek to implement the information security controls as detailed in its work plan and risk assessment table.
AudioCodes has assigned clear roles and responsibilities for risk management to its senior management, the CISO, its employees and its contractors.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] As part of our board of directors’ enterprise risk management process, our board of directors has responsibility for oversight of cybersecurity risk management. Our board of directors has delegated to the audit committee of our board of directors’ oversight of our cybersecurity risk management program, which, pursuant to the audit committee charter, includes reviewing our cybersecurity and other information technology risks, controls and procedures, including our plans to mitigate cybersecurity risks and to respond to data breaches. Our internal auditor provides periodic reports to the audit committee covering cybersecurity and other information technology risks affecting us. In the event of a cybersecurity incident, we have implemented a process in which our CIO would report such incident to our board of directors if the incident were determined to present critical risk to us.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] audit committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our internal auditor provides periodic reports to the audit committee covering cybersecurity and other information technology risks affecting us. In the event of a cybersecurity incident, we have implemented a process in which our CIO would report such incident to our board of directors if the incident were determined to present critical risk to us.
Cybersecurity Risk Role of Management [Text Block] Under the ultimate direction of our Chief Information Officer, or the CIO, our CIO has primary responsibility for day-to-day management of our cybersecurity risk management program, including leading a dedicated team of technology professionals to monitor cybersecurity risks on behalf of AudioCodes. Our IT department, led by our CIO, is responsible for assessing potential vulnerabilities and exposures to cybersecurity threats, implementing controls and measures designed to mitigate these risks, and regularly monitoring and updating these measures as appropriate to adapt to evolving cybersecurity threats. Our current CIO possesses approximately 10 years of experience with information technology and cybersecurity risk management.

AudioCodes’ senior management has the ultimate responsibility for the implementation of its risk management policy and risk management process on a day-to-day basis. Senior management is accountable for ensuring that the risk management policy is established, implemented, maintained and reviewed in accordance with the ISO 27001 standard and the organizational objectives. Senior management is also responsible for providing the necessary resources, support and guidance for the effective execution of the risk management process. In particular, AudioCodes’ senior management demonstrates leadership and commitment to the risk management policy and the risk management process by:

Establishing and communicating the risk appetite and the risk criteria for the organization;
Approving the risk management policy and ensuring its alignment with the information security policy and the Information Security Management System, or ISMS, manual;
Ensuring that the roles and responsibilities for the risk management process are clearly defined and assigned;
Ensuring that the risk management process is integrated into the organizational processes and the ISMS manual;
Ensuring that the risk management process is monitored and reviewed regularly and that the results are reported and acted upon;
Ensuring that the risk management process is subject to internal and external audits and that the audit findings are addressed and resolved; and
Security and privacy committee meets quarterly and discusses on open issues regarding cyber security and cyber risks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Chief Information Officer
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our current CIO possesses approximately 10 years of experience with information technology and cybersecurity risk management.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Ensuring that the risk management process is monitored and reviewed regularly and that the results are reported and acted upon;
Security and privacy committee meets quarterly and discusses on open issues regarding cyber security and cyber risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true