Semler Scientific, Inc. 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

Semler Scientific, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 18:07:11 EST.

Filings

10-K filed on 2024-03-06

Semler Scientific, Inc. filed an 10-K at 2024-03-06 18:07:11 EST
Accession Number: 0001554859-24-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We regularly assess risks from cybersecurity threats; monitor our information systems for potential vulnerabilities; and test those systems pursuant to our cybersecurity policies, processes, and practices, which are integrated into our overall risk management program. To protect our information systems from cybersecurity threats, we use various security tools that are designed to help identify, escalate, investigate, resolve, and recover from security incidents in a timely manner. Our Information Technology or IT department assesses risks based on probability and potential impact to key business systems and processes. Risks that are considered high are incorporated into our overall risk management program. All employees receive cybersecurity training with job-specific topic considerations. Our IT team engages third-party vendors to assist with providing timely cybersecurity threat alerts in addition to monitoring cybersecurity threats and our defenses against cyberattacks. This monitoring includes the proactive identification of vulnerabilities in our systems with threat intelligence. The employees within our broader IT team who specialize in cybersecurity operations are responsible for coordinating and overseeing the activities of these third-party vendors. Cybersecurity threats, including those resulting from any previous cybersecurity incidents, have not materially affected our company, including our business strategy, results of operations, or financial condition. We do not believe that cybersecurity threats resulting from any previous cybersecurity incidents of which we are aware are reasonably likely to materially affect our company. Refer to the risk factor captioned An information security incident, including a cybersecurity breach, could have a negative impact on our business or reputation in Part I, Item 1A. General Risk Factors for additional description of cybersecurity risks and potential related impacts on our company. Governance Our board of directors oversees our risk management process, including as it pertains to cybersecurity risks, directly and through its committees. The audit committee of the board oversees our risk management program, which focuses on the most significant risks we face in the short, intermediate, and long-term timeframe. Audit committee meetings include discussions of specific risk areas throughout the year, including, among others, those relating to cybersecurity threats, and reports from the chief financial officer on our enterprise risk profile on an annual basis. The audit committee reviews our cybersecurity risk profile with management on a periodic basis using key performance and/or risk indicators. These key performance indicators are metrics and measurements designed to assess the effectiveness of our cybersecurity program in the prevention, detection, mitigation, and remediation of cybersecurity incidents. We take a risk-based approach to cybersecurity and have implemented cybersecurity policies throughout our operations that are designed to address cybersecurity threats and incidents. Our chief technology officer, or CTO, is responsible for the establishment and maintenance of our cybersecurity program, as well as the assessment and management of cybersecurity risks. Our current CTO has over 30 years of experience in information technology and possesses the requisite education, skills, experience, and industry certifications expected of an individual assigned to these duties. The CTO provides periodic updates on our cybersecurity risk profile to management and the audit committee of our board of directors.

Company Information