reAlpha Tech Corp. 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

reAlpha Tech Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 06:06:47 EDT.

Filings

10-K filed on 2024-03-12

reAlpha Tech Corp. filed an 10-K at 2024-03-12 06:06:47 EDT
Accession Number: 0001213900-24-021553

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Managing Material Risks & Integrated Overall Risk Management We are strategically integrating cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our risk management team works closely with our consultants to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Our cybersecurity policy is based on the guidance from the National Institute of Standards and Technology (NIST) on cybersecurity framework to assess our cybersecurity risk and governance practices. The NIST framework is designed to assist organizations in identifying, assessing, and managing cybersecurity risks to protect critical infrastructure and sensitive information. The guidance provided by NIST covers a wide range of organizational assets, including physical and digital assets such as data, information systems, networks, hardware, software, operations technology, and human resources. By adhering to the NIST framework, we can implement effective security controls, establish robust incident response strategies, and foster a culture of cybersecurity awareness and resilience. Engage Third-parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity threats, we engaged with external experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing our risk management systems. Our consultants assist with our overall cybersecurity posture, recommend remediation and implementing as needed. Any third-party engaged to assist with our cybersecurity risk management framework is directly engaged by us. This enables us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our collaboration includes regular audits, threat assessments, and consultation on security enhancements. 51 Oversee Third-party Risk Because we are aware of the risks associated with third-party service providers, we are implementing stringent processes to oversee and manage these risks. We conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes regular assessments on an ongoing basis. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third-parties. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing. Governance The board of directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. We are currently establishing robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stockholder confidence. Management s Role Managing Risk The Chief Executive Officer ( CEO ), Chief Operating Officer and President ( COO ) and Chief Financial Officer ( CFO ) play a pivotal role in managing cybersecurity risks. They get comprehensive briefings on a regular basis. These briefings encompass a broad range of topics, including: Current cybersecurity landscape and emerging threats Status of ongoing cybersecurity initiatives and strategies Incident reports and learnings from any cybersecurity events and Compliance with regulatory requirements and industry standards. In addition to our scheduled meetings, the CEO, COO and CFO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the board of directors oversight is proactive and responsive. The board of directors actively participate in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into our broader strategic objectives. Risk Management Monitoring Our cybersecurity consultants primarily help us with assessing, monitoring, and managing our cybersecurity risks. This help us to be up to date with emerging cybersecurity risks as well as providing effective prevention, detection, mitigation and remediation of cybersecurity incidents, to the extent we have any in the future. We are actively working on implementing processes to regularly monitor our information systems. This includes deployment of advanced security measures as well as regular audits. For instance, we implemented Multi Factor Authentication (MFA) for electronic communications, applications and cloud infrastructure, and we also implemented strict rules for outgoing electronic messages to mitigate risks related to impersonation. We also implemented controls for incoming electronic messages to mitigate a range of cyber-attacks, such as computer viruses, malicious or destructive codes, phishing attacks, denial of service or other security breaches that could result in the unauthorized release, monitoring, misuse, loss or destruction of confidential, proprietary and any other material information of the Company. Additionally, we have implemented security trainings for employees and staff targeting the recognition of phishing campaigns. We are pursuing industry standard security certifications and committed to be up to date with them. Various policies and procedures are being developed including incident response plans, communication plans and disaster recovery plans. 52 Security Training We provide security training to our employees on regular basis, so they are equipped with recognizing and responding to security threats in a consistent manner. We also will be conducting internal security campaigns and adjust our training material accordingly as needed. Reporting to Board of Directors The COO, in his capacity, regularly informs the CFO and CEO of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing us. Furthermore, significant cybersecurity matters, and strategic risk management decisions will be escalated to our audit committee, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues. Once escalated, the audit committee will be provided with information on data protection, threat intelligence, incident response and any other relevant cybersecurity information and incidents to best assess the situation and prepare accordingly. The audit committee will also review steps management is taking to monitor and control any potential exposure, including results of internal and external audits.

Company Information