HeartBeam, Inc. 10-K Cybersecurity GRC - 2024-03-20

Page last updated on April 11, 2024

HeartBeam, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-20 16:09:47 EDT.

Filings

10-K filed on 2024-03-20

HeartBeam, Inc. filed a 10-K at 2024-03-20 16:09:47 EDT
Accession Number: 0001779372-24-000002


Item 1C. Cybersecurity.

Cybersecurity Risk Management

In the ordinary course of our business, we use, store, and process data including data of our employees, partners, collaborators, and vendors. We also have implemented advanced data protection measures, including encryption, data masking, and secure data storage solutions, to protect patient data and other sensitive information from unauthorized access or disclosure. We are in the process of implementing a cybersecurity risk management program that is evolving to identify, assess, and manage cybersecurity risks associated with our digital healthcare technologies and operations. This encompasses continuously enhancing our safeguarding measures for proprietary ECG telemedicine technology, cloud-based software, and sensitive health data from cyber threats, ensuring compliance with relevant healthcare and data protection regulations, and actively maintaining the integrity, availability, and confidentiality of patient and company information.

Our cybersecurity risk management program includes a number of components, such as ongoing information security program assessments and continuous monitoring of critical risks from cybersecurity threats using automated tools. We leverage a combination of internal and external resources to continuously update our intelligence about emerging cybersecurity threats. This includes subscribing to threat intelligence feeds, participating in industry-specific security forums, and collaborating with cybersecurity organizations. We also employ state-of-the-art automated security systems that are regularly updated to recognize and respond to the latest cybersecurity threats. Automated alerts notify our security team of potential threats in real-time, enabling rapid assessment and response.

Additionally, we have implemented an employee education program that is regularly updated to raise awareness of cybersecurity threats, including phishing awareness, secure password practices, and the proper handling of sensitive information. This training is included during the employee onboarding process and is revisited periodically.

As part of our cybersecurity risk management program, we maintain processes to assess and review the cybersecurity practices of third-party vendors on an ongoing basis. Prior to engaging third-party vendors, all vendors are subjected to rigorous security assessments before engagement and are regularly re-assessed, and, as appropriate, include cybersecurity requirements in contracts.

We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Although our business strategy, results of operations, and financial condition have not, to date, been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, we have, from time to time, experienced threats to and security incidents related to our data and systems, including phishing attacks. For more information on our cybersecurity related risks, see Risk Factors - We rely significantly on information technology and any failure, inadequacy, or security lapse of that technology, including any cybersecurity incidents, could harm us.

Governance

Under the ultimate direction of our chief executive officer (CEO), our executive management team, including our President, Chief Technology Officer (CTO), Director of Platform IT and Chief Information Security Officer (CISO), and Vice President of Regulatory Affairs, along with oversight from our Audit Committee of the Board of Directors, is tasked with the continuous assessment, operation, and management of our cybersecurity threat management program.

Our CTO leads the ongoing development of the Company’s cybersecurity program, oversees the implementation of cybersecurity measures, and manages the response to cybersecurity incidents. The Director of Platform IT and CISO meets periodically with our Vice President of Regulatory Affairs to discuss the evolving cybersecurity landscape and our cybersecurity risk management program, including providing updates regarding the sources and nature of critical risks we face and how the IT department assesses those risks, including the likelihood of such risks, the severity of impact, and the progress on vulnerability remediation. Our Director of Platform IT and CISO regularly consults with other members of our information technology department, and with third parties with expertise in cybersecurity, to develop strategies to assess, address and align our continuous cybersecurity efforts with our business objectives and operational requirements. The Director of Platform IT and CISO role is currently held by an individual who has over 12 years of experience with information security and business systems, including digital infrastructure and cybersecurity.

As part of our Board of Directors', or Board's, enterprise risk management program, our Board has responsibility for oversight of cybersecurity risk management. Our Board has delegated to our Audit Committee oversight of our cybersecurity risk management program, including oversight of information security and cybersecurity threats and related compliance and disclosure requirements. On a quarterly basis, our finance team provides an update to our Audit Committee regarding our cybersecurity risk management program, including as relates to critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. The Audit Committee periodically reports on cybersecurity risk management to the full Board of Directors.


Company Information

Name: HeartBeam, Inc.
CIK: 0001779372
SIC Description: Surgical & Medical Instruments & Apparatus
Ticker: BEAT - Nasdaq; BEATW - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company; Emerging growth company
Fiscal Year End: December 30