PROFIRE ENERGY INC 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

PROFIRE ENERGY INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 16:03:01 EDT.

Filings

10-K filed on 2024-03-13

PROFIRE ENERGY INC filed an 10-K at 2024-03-13 16:03:01 EDT
Accession Number: 0001289636-24-000005

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the importance of cybersecurity in safeguarding sensitive customer and employee information, protecting our stakeholders, and maintaining customer trust. Our approach to identifying and managing cybersecurity risks includes performing periodic risk assessments, implementing and overseeing governance and policies, maintaining an incident response plan, ongoing training and awareness programs, evaluating the control environments of third-party IT vendors, and a goal of continuous improvement. Cybersecurity is an important and integrated part of our enterprise risk management process that identifies, monitors, and mitigates business, operational and legal risks by involving employees, executive leaders, board members and third parties as necessary. We understand the importance of educating our employees about cybersecurity risks, and, over the past several years have implemented awareness and training programs for employees with a goal of continually increasing employee education on the risks and threats of cybersecurity. This initiative aims to foster a culture of cybersecurity awareness and empower our employees to be vigilant in identifying and assisting with the mitigation of potential threats. In addition, we maintain a cybersecurity risk insurance policy that would help defray the costs associated with a covered cybersecurity incident if it occurred however, the costs related to cybersecurity threats or disruptions may not be fully insured. Governance The Chief Financial Officer and IT Manager comprise our cybersecurity team. This team is responsible for assessing and managing our cyber risk management program, informs senior management regarding the prevention, detection, mitigation, 20 and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity team has experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes, and relies on threat intelligence as well as other information obtained from governmental, public and/or private sources, including external consultants. The Audit Committee of the Board of Directors oversees the Company s cybersecurity program and the steps taken by management to monitor, identify, and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee on the effectiveness of the Company s cyber risk management program, typically on a quarterly basis. Our goal is for continuous improvement in our cybersecurity program. We regularly monitor, evaluate, and aim to enhance our capabilities, experience, and expertise through investments in technology, infrastructure, personnel, and the use of outside consultants. Our objective is to try to stay ahead of emerging threats and maintain the highest level of cybersecurity resilience. We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. Prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations or cash flows, but the scope and impact of any future incident cannot be predicted. See Risk Factors Risks Relating to Our Business Disruptions, failures or security breaches of our information technology infrastructure could have a negative impact on our operations.

Company Information