ENTREPRENEUR UNIVERSE BRIGHT GROUP 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

ENTREPRENEUR UNIVERSE BRIGHT GROUP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 17:00:49 EDT.

Filings

10-K filed on 2024-03-28

ENTREPRENEUR UNIVERSE BRIGHT GROUP filed an 10-K at 2024-03-28 17:00:49 EDT
Accession Number: 0001213900-24-027301

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. We are a holding company and our operations are conducted substantially in China by our Hong Kong and China subsidiaries. Our PRC subsidiary, the main operating entity of ours, has implemented comprehensive internal policies and measures on protection of cyber security, data privacy and personal information to make sure its compliance with relevant PRC laws and regulations. The main internal policies and measures are as follows: (i) for customer data processing, our PRC subsidiary deploys the access control mechanism on the server side, adopts the principle of minimum authorization for the staff who may contact end users personal data (ii) our PRC subsidiary s operating systems and database systems have password complexity requirements (iii) our PRC subsidiary has established Information Security Committee and appoints the CEO, Mr. Tao Guolin to be the head of the committee (iv) our PRC subsidiary has formulated a cybersecurity contingency plan and will conduct training and safety drills every year in preparation for any emergency cybersecurity incidents and (v) our PRC subsidiary has established data privacy policies to ensure that its collection of data is conducted in accordance with applicable laws and regulations and that the collection is for legitimate purposes as set out in its agreements. In compliance with PRC laws and regulations with respect to data security in all material aspects, we have implemented comprehensive internal policies and measures on protection of cyber security, data privacy and personal information as listed above. In addition, while we take various measures to comply with all applicable data privacy and protection laws and regulations, there is no guarantee that our current security measures and those of our third-party service providers may always be adequate for the protection of our customer, employee or company data and like all companies, we have experienced data incidents from time to time. In addition, given the size of our customer base and the types and volume of personal data on our system, we may be a particularly attractive target for computer hackers, foreign governments or cyber terrorists. Unauthorized access to our proprietary internal and customer data may be obtained through break-ins, sabotage, breach of our secure network by an unauthorized party, computer viruses, computer denial-of-service attacks, employee theft or misuse, breach of the security of the networks of our third-party service providers, or other misconduct. Because the techniques used by computer programmers who may attempt to penetrate and sabotage our proprietary internal and customer data change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques. Unauthorized access to our proprietary internal and customer data may also be obtained through inadequate use of security controls. Any of such incidents may harm our reputation and adversely affect our business and results of operations. In addition, we may be subject to negative publicity about our security and privacy policies, systems, or measurements from time to time. Any failure to prevent or mitigate security breaches, cyber-attacks or other unauthorized access to our systems or disclosure of our customers data, including their personal information, could result in loss or misuse of such data, interruptions to our service system, diminished customer experience, loss of customer confidence and trust, impairment of our technology infrastructure, and harm our reputation and business, resulting in significant legal and financial exposure and potential lawsuits and could cause the value of such securities to significantly decline or be worthless. In addition, any violation of the provisions and requirements under relevant laws and regulations with respect to cyber security, data security and personal information protection may subject us to rectifications, warnings, fines, confiscation of illegal gains, suspension of the related business, revocation of licenses, cancellation of qualifications being entered into the relevant credit record or even criminal liabilities. 60 Cybersecurity Governance Our board of directors currently do not oversees our cybersecurity program, and have delegated the oversight to our PRC subsidiary which established its Information Security Committee headed by our CEO, Mr. Tao Guolin to be the head of the committee. The Information Security Committee will provide the board of directors occasional updates on the effectiveness of our cybersecurity program.

Company Information