Apyx Medical Corp 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

Apyx Medical Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 12:08:42 EDT.

Filings

10-K filed on 2024-03-21

Apyx Medical Corp filed a 10-K at 2024-03-21 12:08:42 EDT
Accession Number: 0000719135-24-000016


Item 1C. Cybersecurity.

The Company's information security program is designed to preserve the accuracy and integrity of all forms of information processed by us and to protect such information, including our employees', customers' and end users' personally identifiable information and information related to our operations, from misuse, loss, or theft. Our information security program is founded on principles and standards of the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity issued by the U.S. government. The outsourced Chief Information Security Officer ("CISO") works closely with the Chief Financial Officer to collectively manage our global information security, information technology and data privacy programs.

The Company's information security program includes a robust set of controls and safeguards for the systems, applications, and databases of the Company and of its third-party vendors. The CISO manages the information security program and sets annual targets and security objectives. The program includes regular risk assessments and recurring internal and external audits to assess the program's maturity and effectiveness. The results of these assessments and audits help inform decisions to make program adjustments and ensure that the program's security objectives are effective and up to date. Additional features of our cybersecurity program include security controls, such as firewalls and intrusion detection systems; data loss prevention tools; penetration testing of network, cloud, and application platforms; security assessments of our third-party vendors; and security awareness education for our employees and specialized training for our information security specialists.
We have implemented security monitoring capabilities, designed to alert us to suspicious activity and have developed an incident response program that includes periodic coordinated response exercises designed to restore business operations as quickly and as orderly as possible in the event of a breach. In the event of a cyber incident which may be considered material under the SEC's disclosure rules, Apyx Medical has established a separate committee comprised of the CISO, Chief Financial Officer, Outside Counsel, Chief Executive Officer, and Department Heads, if necessary. This committee is responsible for determining whether a cyber incident, or series of incidents, is material and requires disclosure under Item 1.05 of Form 8-K as well as informing the Board of Directors about the incident from a risk oversight perspective.

The Board of Directors oversees risks relating to cybersecurity. The CISO and CFO present to the Board of Directors on a quarterly basis and the results of the risk assessments and audits on at least an annual basis. These reports also include detailed updates on the Company's performance preparing for, preventing, detecting, responding to, and recovering from cyber incidents. Apyx outsources the majority of our IT services and security to a well-respected company in the industry.

Failure of our information security program to prevent or detect a cyber incident could result in the compromise of Company and customer information, reputational damage, and/or financial loss. During the periods covered by this report, we did not experience any material cyber incidents and the expenses we incurred from cyber incidents were immaterial. While prior incidents have not had a material impact on us, future incidents could have a material adverse effect on our business, results of operations and cash flows. For additional information about our cybersecurity risks, see Item 1A Risk Factors on this Annual Report on Form 10-K.


Company Information

Name: Apyx Medical Corp
CIK: 0000719135
SIC Description: Surgical & Medical Instruments & Apparatus
Ticker: APYX - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: December 30