FGI Industries Ltd. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

FGI Industries Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 16:51:12 EDT.

Filings

10-K filed on 2024-03-26

FGI Industries Ltd. filed an 10-K at 2024-03-26 16:51:12 EDT
Accession Number: 0001558370-24-003958

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity is an important part of our risk management program for our Board and management. The Company maintains a robust cybersecurity infrastructure to safeguard our operations, networks and data through directory-based identity-related services for operation account security, firewall policies and periodical vulnerability threat scanning for network security and email-layer and endpoint-layer protections for data integrity on systems and user devices. The Company s Director of IT is responsible for assessing, identifying, and managing the risks from cybersecurity threats. Our Director of IT has over 15 years of experience in information security positions and holds Master s degree in computer information systems. We also have constituted a cross-functional Cybersecurity Committee, comprised of Chairman, CFO, Management of Business Operations and Human Resources, which meets regularly to review enterprise-wide cybersecurity matters. Our Board of Directors oversees management’s approach to managing cybersecurity risks. The Board of Directors is charged with overseeing the Company s risk management program, which includes cybersecurity matters. The Board of Directors routinely engages with relevant management on a range of cybersecurity-related topics, including the threat of environment and vulnerability assessments and policies and practices and receives updates on technology trends and regulatory developments from the Director of IT periodically. We use a risk-based approach to identify, assess, protect, detect, respond to and recover from cybersecurity threats, derived from COSO framework. Our information security program includes, among other aspects, vulnerability management, antivirus and malware protection, access control, and employee training. Risks identified by the Director of IT and other cybersecurity personnel are analyzed to determine the potential impact on us and the likelihood of occurrence. Such risks are continuously monitored to ensure that the circumstances and severity of such risks have not changed. The Director of IT also routinely discusses trends in cyber risks and our strategy with our Cybersecurity Committee and management on a regular basis, in addition to an annual review and discussion with the full board. In addition, we endeavor to apprise employees of emerging risks and require them to undergo bi-annual security awareness trainings and supplemental trainings as needed. Additionally, we conduct periodic internal exercises to gauge the effectiveness of the trainings and assess the need for additional training. Material cybersecurity incidents are required to be reported to the Board of Directors. As of the date of this report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition.

Company Information