Atomera Inc 10-K Cybersecurity GRC - 2024-02-15

Page last updated on April 11, 2024

Atomera Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-15 16:47:17 EST.

Filings

10-K filed on 2024-02-15

Atomera Inc filed an 10-K at 2024-02-15 16:47:17 EST
Accession Number: 0001683168-24-001031

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy . Our cybersecurity program is built upon the National Institute for Standards and Technology ( NIST ), International Organization for Standardization ( ISO ) and other best practice frameworks. We employ processes for assessing, identifying, and managing material risks from cybersecurity threats, including engagement of an independent cybersecurity consultant to audit our systems and procedures, make recommendations for improvement and monitor remediation of any identified risks. We also conduct random vulnerability testing including network penetration, phishing and social engineering tests. In addition, we also request Systems and Organization Control ( SOC ) type reports from several of our service providers including our payroll and human resources system provider and stock administration provider. Although we develop and maintain systems and controls designed to prevent cybersecurity breaches from occurring, and we have a process to identify and mitigate threats, the development and maintenance of these systems, controls and processes is costly and requires ongoing monitoring and updating as technologies change and efforts to overcome security measures become increasingly sophisticated. Moreover, despite our efforts, the possibility of a breach occurring cannot be eliminated entirely. As we outsource more of our information systems to vendors, engage in more electronic transactions with service customers and vendors, and rely more on cloud-based information systems, the related security risks will increase and we will need to expend additional resources to protect our technology and information systems. In addition, there can be no assurance that our internal information technology systems or those of our third-party contractors, or our consultants efforts to implement adequate security and control measures, will be sufficient to protect us against breakdowns, service disruption, data deterioration or loss in the event of a system malfunction, or prevent data from being stolen or corrupted in the event of a cyberattack, security breach, industrial espionage attacks or insider threat attacks which could result in financial, legal, business or reputational harm. As of the date of this report, we are not aware of cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Governance . Our senior management team conducts the regular assessment and management of material risks from cybersecurity threats, including review with our IT team and third-party service providers. All employees and consultants are directed to report to our senior management any irregular or suspicious activity that could indicate a cybersecurity threat or incident. The Audit Committee of our Board of Directors created a cybersecurity subcommittee in February 2023 which evaluates our cybersecurity assessment and management policies, including quarterly interviews with our senior officers. Our Audit Committee meets at least quarterly with our independent registered accounting firm and communicates with them regarding any cybersecurity related risks.

Company Information