MIMEDX GROUP, INC. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

MIMEDX GROUP, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:02:35 EST.

Filings

10-K filed on 2024-02-28

MIMEDX GROUP, INC. filed an 10-K at 2024-02-28 16:02:35 EST
Accession Number: 0001376339-24-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We face significant and persistent cybersecurity risks due primarily to: the substantial level of harm that could occur to us and our customers were we to suffer impacts of a material cybersecurity incident; and our use of third-party products, services and components. We are committed to maintaining robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. While we have not, as of the date of this Annual Report, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. In addition, these threats are constantly evolving, thereby increasing the difficulty of successfully defending against them or implementing adequate preventative measures. We seek to detect and investigate unauthorized attempts and attacks against our network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools and changes or updates to our products and services; however, we remain potentially vulnerable to known or unknown threats. We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards and is assessed periodically by independent third-parties. We have processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things: annual and ongoing security awareness training for employees; mechanisms to detect and monitor unusual network activity; and containment and incident response tools. We monitor issues that are internally discovered or externally reported that may affect our business, and have processes to assess those issues for potential cybersecurity impact or risk. We also have a process in place to manage cybersecurity risks associated with third-party service providers. We impose security requirements upon our suppliers, including: maintaining an effective security management program and abiding by information handling and asset management requirements. Our Board of Directors has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to company priorities, resource allocations, and oversight structures. The Board of Directors is assisted by the Audit Committee, which regularly reviews our cybersecurity program with management and reports to the Board of Directors. Cybersecurity reviews by the Audit Committee or the Board of Directors generally occur at least annually, or more frequently as determined to be necessary or advisable. Our cybersecurity program is run by the head of our information security department, who reports to our Chief Financial Officer. Our Chief Financial Officer is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security team, who hold cybersecurity certifications such as a Certified Information Systems Security Professional, and through the use of technological tools and software and results from third party audits. We have an escalation process in place to inform senior management and the Board of Directors of material issues.

Company Information