Sensus Healthcare, Inc. 10-K Cybersecurity GRC - 2024-03-15

Page last updated on July 2, 2024

Sensus Healthcare, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:41:16 EDT.

Filings

10-K filed on 2024-03-15

Sensus Healthcare, Inc. filed a 10-K at 2024-03-15 16:41:16 EDT
Accession Number: 0001213900-24-023093


Item 1C. Cybersecurity.

Cybersecurity Risk Management and Processes

Sensus is actively working towards the integration of a cybersecurity risk management program into its comprehensive risk management framework to protect the confidentiality, integrity, and availability of its critical systems and information. Our cybersecurity risk management program is being designed based on various cybersecurity frameworks, including National Institute of Standards and Technology and the Center for Internet Security, as well as information security standards issued by the International Organization for Standardization, including ISO 27001 and ISO 27002. The Company uses these frameworks and information security standards as a guide to identify, assess, and manage cybersecurity risks relevant to the business.

The Company has implemented or is implementing the following key elements into the cybersecurity risk management program:

● Formalization and implementation of robust IT security policies;
● Conducting vulnerability assessments;
● Revision of user access request documentation to clearly define the roles and permissions assigned to users;
● Thorough review of the accuracy and completeness of user listings and access;
● Preservation of evidence related to system modifications; and
● Continued collaboration with external specialists to aid in the ongoing evaluation of existing policies and procedures.

In addition, the Company has a strategic plan, which encompasses the following key elements:

● Establishment of a dedicated cybersecurity governance committee;
● Standardization of cybersecurity incident response procedures and formats;
● Conducting penetration tests on a quarterly basis;
● Enhancement of segregation of duties to mitigate the risk of self-review of transactions within the system.

The Company has not identified any risks from known cybersecurity threats and did not have any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company. For a discussion of whether and how any risks from cybersecurity threats are reasonably likely to materially affect us, refer to Item 1A. Risk Factors - “The Company’s operations may be impaired if our information technology systems fail to perform adequately or are the subject of a data breach or cyberattack,” which is incorporated by reference into this Item 1C.

Cybersecurity Governance

The Board of Directors actively collaborates with management to supervise cybersecurity risks. The Chief Technology Officer (“CTO”), with over 10 years’ experience in cybersecurity, leads the Company’s overall cybersecurity function and monitors cybersecurity risks. The CTO works with internal personnel and third-party consultants to design and implement the controls on the prevention, detection, mitigation, and remediation of cybersecurity risks. The CTO maintains regular communication with the Board on matters related to cybersecurity and provides updates to management on a quarterly basis. In the event of a cybersecurity incident, the Board is to be promptly notified.

Management considers cybersecurity risk as part of its risk oversight function and is in the process of establishing a cybersecurity governance committee. The cybersecurity governance committee will oversee the management’s implementation of the cybersecurity risk management program.


Company Information

Name: Sensus Healthcare, Inc.
CIK: 0001494891
SIC Description: Surgical & Medical Instruments & Apparatus
Ticker: SRTS - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: December 30