What security measures does Benihana implement to protect its informational technology environment?
Benihana Franchise · 2024 FDDAnswer from 2024 FDD Document
aining the integrity and availability of our information technology systems and this information, as well as appropriate limitations on access and confidentiality of such information, is important to our operations and business strategy. We implemented a program designed to assess, identify and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality and integrity of these systems and the data residing in them. With the exception of local point-of-sale solutions, we do not host any solutions on premise as all applications are software as a service.
The program is managed and monitored by a team led by our Chief Information Officer and includes mechanisms, controls, technologies, systems, policies and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the systems and data residing in them. For example, we conduct risk-based penetration and vulnerability testing and ongoing risk assessments. We also conduct employee training on cyber and information security, among other topics. In addition, we consult with outside advisors and experts to assist with assessing, identifying, and managing cybersecurity risks and their impact on our risk environment. Lastly, we outsource to a cybersecurity firm all intrusion detection, intrusion prevention and system incident and event monitoring.
Our Chief Information Officer, who reports directly to the Chief Executive Officer and has over 25 years of experience managing information technology and cybersecurity matters, together with our thirdparty service providers, are responsible for assessing and managing cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. In the last fiscal year, we have not identified any prior cybersecurity incidents that materially affected us, but we face certain ongoing risks from
cybersecurity threats that, if realized, could materially affect us. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, "Risk Factors," under the heading "Cybersecurity, Data Privacy and IT Systems."
The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board to oversee cybersecurity risks. The Committee receives regular updates and reviews with management the implementation and effectiveness of the Company's controls to monitor and mitigate cybersecurity risks.
Item 2. Properties
We do not own any real property. Each of our "owned" restaurants operates in premises leased by its operating subsidiary. We do not have a direct ownership interest in restaurants we operate under a management agreement ("managed") or license agreement ("licensed").
Source: Item 22 — CONTRACTS (FDD pages 73–74)
What This Means (2024 FDD)
According to Benihana's 2024 Franchise Disclosure Document, Benihana employs a range of security measures to protect its information technology environment. These measures include internal resources and external consultants who conduct auditing and testing to identify weaknesses. A team led by the Chief Information Officer manages and monitors the program, implementing mechanisms, controls, technologies, systems, and policies designed to prevent data loss, theft, misuse, and other security incidents. Benihana also conducts risk-based penetration and vulnerability testing, ongoing risk assessments, and employee training on cyber and information security. They consult with outside advisors and experts to help manage cybersecurity risks and outsource intrusion detection, intrusion prevention, and system incident and event monitoring to a cybersecurity firm.
The Chief Information Officer, reporting directly to the Chief Executive Officer, is responsible for assessing and managing cybersecurity risks, which are considered within the overall enterprise risk management framework. The Audit Committee of the Board of Directors, comprised of independent directors, oversees these cybersecurity risks, receiving regular updates on the implementation and effectiveness of controls.
Despite these measures, Benihana acknowledges that its systems and those of its third-party contractors remain vulnerable to various threats, including hacking, computer viruses, unauthorized access, natural disasters, terrorism, and equipment failures. The company notes that there is no guarantee that disruptions or security breaches will be promptly detected. Such breaches could disrupt operations, compromise financial information, and lead to liability, reputational damage, poor financial performance, or regulatory actions, all of which could adversely affect Benihana's business. Prospective franchisees should be aware of these potential risks and the importance Benihana places on data security.