Healthier Choices Management Corp. 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

Healthier Choices Management Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 17:01:16 EDT.

Filings

10-K filed on 2024-03-27

Healthier Choices Management Corp. filed an 10-K at 2024-03-27 17:01:16 EDT
Accession Number: 0001493152-24-011537

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We believe cybersecurity is critical importance to our success. We are susceptible to a number of significant and persistent cybersecurity threats, including those common to most industries as well as those we face as a retailer, operating in an industry characterized by a high volume of customer transactions and collection of sensitive data. These threats, which are constantly evolving, include data breaches, ransomware, and phishing attacks. We, and our vendors and suppliers, regularly face attempts by malicious actors to breach our security and compromise our information technology systems. A cybersecurity incident impacting us or any vendor or supplier could significantly disrupt our operations and result in damage to our reputation, costly litigation and/or government enforcement action. Accordingly, we are committed to maintaining robust cybersecurity and data protection and continuously evaluate the impact of cybersecurity threats, considering both immediate and potential long-term effects of these threats on our business strategy, operations, and financial condition. Under the oversight of our Board of Directors, our management has established comprehensive processes for identifying, assessing and managing material risks from cybersecurity threats, and these processes are integrated into our overall enterprise risk management program. Our approach is proactive and adaptive, featuring regular security assessments, third-party audits, team member training, and continuous improvement of our cybersecurity infrastructure. We work to align our practices with industry best practices and regulatory standards. Our processes include detailed response procedures to be followed in the event of a cybersecurity incident, which outline steps to be followed from detection to assessment to notification and recovery, including internal notifications to management, the risk committee and the Board, as appropriate. 14 Members of management, including our Chief Operating Officer, provide the Board updates on cybersecurity risk matters on a quarterly basis and more frequently if circumstances dictate. In these updates, members of the Board apprised of cybersecurity incidents that are deemed to have had a moderate or higher impact even if immaterial to us. In addition, management regularly discusses with among themselves the risks related to cybersecurity and critical systems in order to provide input on the appropriate level of risk for our company and reviews management s strategies for adequately mitigating and managing the identified risks. Management regularly update our full Board with respect to cybersecurity matters. Our Chief Operating Officer is primarily responsible for managing material risks from cybersecurity threats, and is supported by third party cybersecurity specialists. Management participates in periodic training and education on cybersecurity related topics. We engage specialized cybersecurity consultants and leverage third-party expertise to bolster our cybersecurity defenses. Our enterprise risk management program is designed to identify, prioritize and assess a broad range of risks, including risks from cybersecurity threats, that may affect our ability to execute our corporate strategy and fulfill our business objectives. The following is a list of measures that were implemented as part of our increased focus on cybersecurity: Complete endpoint protection - All endpoints have been covered by an enhanced endpoint protection agent. Cloud infrastructure - Critical infrastructure started moving to the cloud and protected by enhanced anti-virus and recurring backup policies. Email services have been put through a rigorous intelligent phishing and spam filter to prevent attacks In addition, our third-party vendors and service providers play a role in our cybersecurity. These third parties are integral to our operations but pose cybersecurity challenges due to their access to our data and our reliance for various aspects of our operations, including our supply chain. We conduct due diligence before onboarding new vendors and maintain ongoing evaluations to ensure compliance with our security standards. As of the date of this report, no cybersecurity incidents have had, either individually or in the aggregate, a material adverse effect on our business, financial condition or results of operations. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us.

Company Information