Motus GI Holdings, Inc. 10-K Cybersecurity GRC - 2024-03-18

Page last updated on April 11, 2024

Motus GI Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-18 16:11:07 EDT.

Filings

10-K filed on 2024-03-18

Motus GI Holdings, Inc. filed an 10-K at 2024-03-18 16:11:07 EDT
Accession Number: 0001493152-24-010314

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Cybersecurity Risk Management We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Our business strategy, results of operations, and financial condition have not, to date, been affected by risks from cybersecurity threats. During the reporting period, we have not experienced any material cyber incidents, nor have we experienced a series of immaterial incidents, which would require disclosure. In the ordinary course of our business, we use, store and process data including data of our employees, partners, collaborators, and vendors. We have implemented a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to this data and our systems. Our cybersecurity risk management program incorporates several components, including information security program assessments, continuous monitoring of cyber risks and threats using automated tools, on-premises and cloud backups, periodic threat testing, and employee training. Under the direction of executive management, our cyber risk management program is led by a third-party IT consultant with Microsoft Cybersecurity Architect Expert certifications. We deploy endpoint detection software and device management in conjunction with other reputable cybersecurity software. We require multifactor authentication across all systems and utilize access control policies to further limit access to data within the systems. We periodically engage third parties to conduct risk assessments, including penetration testing and other vulnerability analyses. Our finance department, with the assistance of outside technical advisors, regularly conducts internal assessments of different systems to evaluate the efficacy of our risk management processes. As a result of these assessments and testing, we have evaluated known risks and hardened both our on-premises and cloud-based environments. Additionally, our program includes cybersecurity training and testing for all employees during onboarding and quarterly thereafter. The training focuses on cyber threat awareness, phishing, and other attack methods and is supplemented by testing initiatives, including semi-annual phishing tests. Governance Under the ultimate direction of our Chief Executive Officer and our executive management team, with oversight from our Audit Committee of the Board of Directors ( Audit Committee ), we maintain a security governance structure to evaluate and address cyber risk. Our executive management team regularly consults with our third-party IT consultant who has expertise in cybersecurity to develop strategies to assess, address and align cybersecurity efforts with our business objectives and operational requirements. Our Board of Directors is responsible for the oversight of cybersecurity risk management. Our Board has delegated regular oversight of the cybersecurity risk management program to our Audit Committee, which includes oversight of information security and cybersecurity threats and related compliance and disclosure requirements. On a quarterly basis, our executive management team provides an update to our Audit Committee regarding our cybersecurity risk management program, including any critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. The executive management team also notifies the Audit Committee of any cybersecurity incidents (suspected or actual) and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.

Company Information