SANUWAVE Health, Inc. 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

SANUWAVE Health, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 16:05:34 EDT.

Filings

10-K filed on 2024-03-21

SANUWAVE Health, Inc. filed an 10-K at 2024-03-21 16:05:34 EDT
Accession Number: 0001140361-24-014611

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Our management and Board of Directors (the Board ) recognize the importance of maintaining the security and resiliency of our cybersecurity environment to deliver on the expectations of our customers, business partners, employees, and investors. The Board is involved in our risk management practices. Overall, the purpose of our information security program is to protect the confidentiality, integrity and availability of our systems and data, along with the safe operation of our systems. Technical safeguards We deploy technical safeguards that are designed to protect our systems from cybersecurity threats, including firewalls, anti-malware software, and authentication and authorization controls. Security awareness and training We provide ongoing security awareness and training to educate internal users on how to identify and report potential issues. Phishing emails are discussed on a regular basis with employees to ensure proper protocols are followed. We also provide periodic updates to employees on emerging cybersecurity trends and ways to protect themselves and our company. Governance of Cybersecurity Risks The Audit Committee of the Board has the primary responsibility for oversight and review of guidelines and policies with respect to risk assessment and risk management, including cybersecurity. The Company s Chief Executive Officer, President, and Chief Financial Officer are responsible for assessing and managing cybersecurity risks. The Company s management periodically reports on cybersecurity issues and presents information to our Audit Committee as well as our full Board, as appropriate, on cybersecurity matters. Upon verifying that a cybersecurity incident has occurred or is occurring, the Chief Executive Officer, President and Chief Financial Officer will promptly conduct a preliminary assessment of the severity level of the cybersecurity incident. Following this assessment, the Chief Executive Officer will determine whether to report the cybersecurity incident to the Audit Committee, who will then report such cybersecurity incident to the Board as the chair deems appropriate. Material Impact of Cybersecurity Risks We have not experienced a material information security breach incident, and we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, future incidents could have a material impact on our business strategy, results of operations or financial condition. For additional discussion of the risks posed by cybersecurity threats, see Item 1A. Risk Factors Risks to our Business We are dependent on information technology and our systems and infrastructure face certain risks, including from cybersecurity breaches and data leakage. 31 Table of Contents

Company Information