CRAWFORD UNITED Corp 10-K Cybersecurity GRC - 2024-03-05

Page last updated on July 16, 2024

CRAWFORD UNITED Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 06:06:38 EST.


10-K filed on 2024-03-05

CRAWFORD UNITED Corp filed a 10-K at 2024-03-05 06:06:38 EST
Accession Number: 0001437749-24-006528

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. In the past year and with the guidance of a qualified third-party, we have made improvements in our cybersecurity program across the Company, and we have developed processes for deterring, detecting, evaluating, and responding to potential cybersecurity incidents. In doing so, we focus on our employees, networks, applications and data with a cybersecurity plan, informed by nationally recognized frameworks. Our third-party advisor has performed cybersecurity risk assessments of our information technology security processes and implemented technologies to lessen risk. Using third party services, we monitor, scan, assess, audit, and remediate identified vulnerabilities across our networks, as appropriate. Furthermore, recognizing that our employees are an essential line of defense in cybersecurity, we require employees to participate in training and testing programs through which we provide education on the risk of potential cybersecurity incidents, methods for identification of such incidents and appropriate responses. Our policies and processes are informed by industry standard practices regarding application security, access management, device protection, network management, and data loss prevention and recovery. Our cybersecurity incident response plan includes retention of external experts for prompt assistance following discovery of any material incident. This cybersecurity incident response plan is part of our ongoing cybersecurity vulnerability management, and we endeavor to maintain appropriate controls to identify, monitor, analyze and address potential cybersecurity incidents, including potential unauthorized access to our networks and applications, along with detection of potential unusual activity within our networks or applications. Any potential cybersecurity incident is immediately reported the Chief Executive Officer and Chief Financial Officer, and the Audit Committee or the full Board, as appropriate. Our Board of Directors provides oversight of risks from cybersecurity threats, in coordination with our management team and the Audit Committee of the Board. Our Board relies on management to bring significant matters impacting the Company to its attention, including with respect to material risks from cybersecurity threats. Our Audit Committee provides an additional layer of cybersecurity oversight and is responsible for discussing cybersecurity concerns (including data privacy risk management) and the steps management has taken to monitor and control such exposures with management. There have been no cybersecurity incidents which have materially affected us to date, including our business strategy, results of operations or financial condition. However, any future potential risks from cybersecurity threats, including but not limited to exploitation of vulnerabilities, ransomware, denial of service, supply chain attacks, or other similar threats may materially affect us, including our execution of business strategy, reputation, results of operations and/or financial condition. See Item 1A. Risk Factors - “A significant disruption in, or breach in security of, our information technology systems or data could adversely affect our business, reputation and results of operations.”

Company Information

SIC DescriptionIndustrial Instruments For Measurement, Display, and Control
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30