CVD EQUIPMENT CORP 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

CVD EQUIPMENT CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:01:12 EDT.

Filings

10-K filed on 2024-03-28

CVD EQUIPMENT CORP filed a 10-K at 2024-03-28 16:01:12 EDT
Accession Number: 0001493152-24-011730


Item 1C. Cybersecurity.

We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. We use recognized commercially reasonable measures, tools, and methodologies to manage cybersecurity risk, which are tested regularly. We also monitor and evaluate our cybersecurity posture on an ongoing basis through regular malware scans, penetration tests, and third-party reviews. Specific controls that are used to some extent include endpoint threat detection, identity and access management (IAM), privileged access management (PAM), logging and monitoring, multi-factor authentication (MFA), firewalls and intrusion detection and prevention, and vulnerability and patch management.

To manage our material risks from cybersecurity threats and to protect against, detect, and prepare to respond to cybersecurity incidents, we undertake the below listed activities:

- Monitor emerging data protection laws and implement changes to our compliance processes;
- Conduct annual cybersecurity assessments for employees who use our system to evaluate training needs;
- Conduct onboarding and cyber security training for all employees on an ongoing basis;
- Conduct regular phishing email simulations for all employees; and
- Carry cybersecurity risk insurance that protects against the potential losses from a cybersecurity incident.

Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to prepare to respond to and recover from cybersecurity incidents. These include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. We have an IT continuity plan that we continuously review and update in line with our evolving applications architecture.

Our Board of Directors and Audit Committee oversee our cybersecurity efforts to ensure effective governance in managing risks associated with cybersecurity threats. Our Director of Information Technology provides periodic updates to the Board of Directors and Audit Committee regarding our cybersecurity program, including status updates on various projects to enhance our overall cybersecurity posture. We describe whether and how risks from cybersecurity threats have or are reasonably likely to affect our financial position, results of operations, and cash flows under the heading "Risk related to cybersecurity, intellectual property and regulatory compliance," which is included as part of Item 1A. Risk Factors of this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.


Company Information

Name: CVD EQUIPMENT CORP
CIK: 0000766792
SIC Description: Special Industry Machinery, NEC
Ticker: CVV - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: December 30