DATA I/O CORP 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

DATA I/O CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 16:29:47 EDT.

Filings

10-K filed on 2024-03-27

DATA I/O CORP filed an 10-K at 2024-03-27 16:29:47 EDT
Accession Number: 0001654954-24-003750

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity CYBERSECURITY GOVERNANCE The Company s Board of Directors, as a whole, has oversight responsibility for our strategic and operational risks. The Audit Committee of the Board of Directors is responsible for board-level oversight of cybersecurity risk, however the full Board is typically present for Information Technology (IT) and Cybersecurity briefings. As part of it s oversight role, the Audit Committee receives reporting about the Company s cybersecurity program, activities, threats and incidents (if any) through periodic updates. The cybersecurity program is managed by our outsourced IT infrastructure team with oversight and coordination by our CFO, who reports directly to our CEO. Utilization of an outsourced IT infrastructure team allows Data I/O to access the necessary breadth and depth of leading cybersecurity programs, staff, expertise, and tools. The IT infrastructure team monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of the cybersecurity function, including the operation of the Company s incident response plans, which include appropriate escalation to the CFO, CEO and the Audit Committee. 19 Table of Contents CYBERSECURITY RISK MANAGEMENT AND STRATEGY The Company has processes in place to identify, assess, and monitor material risks from cybersecurity threats, which are part of the Company s overall cybersecurity risk management and have been embedded in the information systems operating procedures and internal controls. Our IT function manages IT operations and continually evolves and enhances our systems to meet the constantly changing digital environment. Periodic cybersecurity risk assessments are performed to identify, assess, and prioritize potential risks to information, data assets, infrastructure and third party vendors. Additionally, a third-party review and testing of the financial controls over IT as part of our Sarbanes-Oxley internal controls testing is performed annually. The Company addresses significant risks through corrective or mitigating actions as necessary. The Company has also established cybersecurity and information security awareness training programs. Employees with access to the Company s network receive annual training on topics such as phishing, malware, and other cybersecurity risks. Training is administered and tracked through online learning modules with ongoing follow-up testing. All employees and contractors enter into non-disclosure confidentiality agreements. We work to continually evolve our systems to meet the constantly changing digital environment and continue to invest in the cybersecurity and resiliency of our networks and to enhance our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. There have been no risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. The nature of potential cybersecurity risks and threats are uncertain, and any future incidents, outages or breaches could have a material adverse effect on the Company s business, financial conditions or results of operations. For more information about the cybersecurity risks we face, refer to the Risk Factors in section Cybersecurity Risks in Part I, Item 1A, “Risk Factors”.

Company Information