MYOMO, INC. 10-K Cybersecurity GRC - 2024-03-07

Page last updated on April 11, 2024

MYOMO, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 21:38:51 EST.

Filings

10-K filed on 2024-03-07

MYOMO, INC. filed an 10-K at 2024-03-07 21:38:51 EST
Accession Number: 0000950170-24-028326

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We utilize a third-party managed security service provider to support our information technology services, which include ongoing support for the management of cyber risks and protection of our information technology infrastructure. Our critical business applications are provided and managed by third party cloud software providers. 40 Table of Contents Our cybersecurity risk management strategy is informed by a recent cyber risk assessment conducted in consultation with our third party managed security service provider. The assessment was informed by industry standards and included an evaluation of our cybersecurity controls. We also leverage our managed security services provider and other third-party consultants, providers, and technologies to support our efforts to monitor, identify, and address cybersecurity risks, including managing our monitoring and alerting tools and conducting periodic assessments of certain system applications. Our efforts to address cybersecurity risks and also include training employees, both from programs provided by our third-party managed security service provider and internal policies and training, which are designed to increase awareness of cybersecurity threats. We have a process to assess and review the cybersecurity practices of certain third-party vendors and service providers, including through review of applicable certifications and security reports, where available, and contractual requirements, as appropriate. Although risks from cybersecurity threats have to date not materially affected, and we do not believe they are reasonably likely to materially affect, us, our business strategy, results of operations or financial condition, we could, from time to time, experience threats and communicate security incidents relating to our and our third-party vendors’ information systems. For more information please see the section entitled “Risks Related to Cybersecurity and Data Protection” in Item 1A- Risk Factors. We maintain an incident response and a disaster recovery plan, which includes plans around managing cybersecurity incidents, and is intended to serve as a guide for management of such events and to set forth communication procedures regarding potential impacts to our board, investors, and other stakeholders, as appropriate. Governance Related to Cybersecurity Risks Our cyber risk management program and related operations and processes are directed by our Chief Financial Officer, in consultation with other members of senior management and our third-party security managed service provider. The Chief Financial Officer is responsible for identifying, evaluation, and implementing risk management control and methodologies to address any identified risks, including risks from cybersecurity threats, with advice from our third-party managed security service provider as appropriate. The Chief Financial Officer periodically provides reports to the audit committee of the board of directors regarding information technology and cybersecurity matters and associated risks. The audit committee is responsible for reviewing and overseeing the Company’s risk management process and strategy, including risks from cybersecurity threats. The audit committee periodically reports on cybersecurity risk management to the full board of directors. 41 Table of Contents

Company Information