Proactive Risk Management

Ziff Davis maintains risk management programs consistent with the highest principles of ethics and integrity, to ensure compliance with applicable laws and regulations and to meet our commitments to widely accepted best practices for data privacy and security. Our Corporate Audit Services (CAS) enhances and protects our organizational value by providing risk-based and objective assurance, advice and insight. CAS reports to the Audit Committee of the Board and is responsible for providing independent assessments to the Committee, management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for Ziff Davis. CAS is staffed by a team of auditors from across the organization with deep experience in information technology, data privacy, finance and operations.

As part of our commitment to maintaining the security of our systems and our customers’ information, theZiff Davis Responsible Vulnerability Disclosure Program allows members of the public to responsibly report potential security vulnerabilities relating to the Company’s systems or products.

Data Privacy & Security Training

Ziff Davis uses third party providers of educational material to maintain a regular calendar of mandatory employee training sessions for all employees, designed to educate them on sound Information Security and Data Protection practices. These trainings help alert our employees to the many warning signs of potentially malicious activity by bad actors intent on phishing, spear-phishing, deploying ransomware, etc. Employees are also educated on relevant security and privacy regulations, such as GDPR, CCPA, and PCI. Targeted training is given to certain departments or brands to fulfill any compliance obligations. Additionally, we randomly subject individual business units – and the company at large – to unannounced simulated phishing attacks, designed to test the ability of our workforce to use the training they’ve received to properly react to potential threats.