EYENOVIA, INC. 10-K Cybersecurity GRC - 2024-03-18

Page last updated on April 11, 2024

EYENOVIA, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-18 16:17:06 EDT.

Filings

10-K filed on 2024-03-18

EYENOVIA, INC. filed an 10-K at 2024-03-18 16:17:06 EDT
Accession Number: 0001410578-24-000226

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Information technology is important to our business operations, and we are committed to protecting the privacy, security and integrity of the data we use in our business, as well as our employee and clinical data. The Company has a comprehensive cybersecurity program in place for assessing, identifying and managing cybersecurity risks that is designed to protect its systems and data from unauthorized access, use or other security impact. This program is integrated into the Company s overall Enterprise Risk Management and Resiliency process. We continuously monitor and update our information technology networks and infrastructure to prevent, detect, address and mitigate risks associated with unauthorized access, misuse, computer viruses and other events that could have a security impact. We invest in industry standard security technology to protect the Company s data and business processes against risk of cybersecurity incidents. Our data security management program includes identity, trust, vulnerability and threat management business processes, as well as adoption of standard data protection policies. In terms of governance and oversight, the following is in place to enhance transparency and accountability in cybersecurity management: Responsibility Assignment : The Company s Chief Operating Officer (COO) assumes a pivotal role in overseeing the cybersecurity risk management program. The COO collaborates with business leaders on the matters of cybersecurity across the Company. Board Oversight : Cybersecurity risks fall within the purview of the Audit Committee and, ultimately, the Board of Directors. Regular oversight and reviews occur at established intervals. The Audit Committee engages in discussions with the COO and Company management at least once a year, covering various aspects of cybersecurity risk management, including recent developments, evolving standards, vulnerability assessments, and the threat environment. We measure our data security effectiveness by benchmarking against industry-accepted methods and we work to remediate any significant findings. We maintain and routinely test backup systems and disaster recovery and also have processes in place to prevent disruptions resulting from our implementation of new software and systems. We have a comprehensive incident response plan to address cybersecurity incidents. Our incident response plan includes procedures for identifying, containing and responding to cybersecurity incidents and is subject to regular review and assessment to ensure that it is effective in protecting our information technology. To date, we believe that our cybersecurity program has been effective in protecting the confidentiality, integrity, and availability of its information however, the Company cannot guarantee that its cybersecurity program will be successful in preventing all cybersecurity incidents. Further, we currently maintain a cyber insurance policy that provides coverage for security breaches however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyber-attacks and other related breaches. 84 Table of Contents We engage external parties, including consultants, computer security firms and risk management and governance experts, to enhance our cybersecurity oversight. In order to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers, we also have a third-party risk management program designed to help protect against the misuse of information technology by third parties and business partners, which includes certification of our major technology suppliers and any outsourced services through accepted security certification standards. While we are regularly subject to cybersecurity attacks, ransomware and other security breaches, we have not experienced any material cybersecurity incidents or a series of related unauthorized occurrences for the year ended December 31, 2023. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition.

Company Information