HELIUS MEDICAL TECHNOLOGIES, INC. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

HELIUS MEDICAL TECHNOLOGIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:30:57 EDT.

Filings

10-K filed on 2024-03-28

HELIUS MEDICAL TECHNOLOGIES, INC. filed an 10-K at 2024-03-28 16:30:57 EDT
Accession Number: 0001558370-24-004260

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Our corporate information technology, communication networks, enterprise applications, accounting and financial reporting platforms, and related systems are necessary for the operation of our business. We use these systems, among others, to manage our product development, to communicate internally and externally, to operate our accounting and record-keeping functions, to store and access data including sensitive patient data and for many other key aspects of our business. Our business operations rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data. Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees, customers or patients, violation of data privacy or security laws, litigation, and legal, financial and reputational risk. In coordination with third-party consultants, we have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical systems and data. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and/or policies designed to manage and mitigate material risks from cybersecurity threats to our information systems and data, including risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, asset management, systems monitoring, vendor risk management program and employee training. We conduct annual reviews and tests of our information security program to evaluate its effectiveness and improve our security measures and planning. To operate our business, we utilize certain third-party service providers and vendors to support a variety of functions. We seek to engage reliable, reputable service providers and vendors that maintain cybersecurity programs, and we implement a vetting process to ensure that all third-party service providers and venders comply with our cybersecurity program requirements. Depending on the nature of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our vendor management process may include reviewing the cybersecurity practices of such provider, contractually imposing obligations on the provider, conducting security assessments, and conducting periodic reassessments during their engagement. We are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition. Governance Our Board of Directors holds oversight responsibility for the Company s strategy and risk management, including material risks related to cybersecurity threats. Oversight of such cybersecurity risks is executed directly by the Board of Directors. The Board receives reports and engages in regular discussions with management regarding the Company s significant risk exposures resulting from material cybersecurity threats and the measures implemented to monitor and reasonably manage these risks. 52 Table of Contents Our Director of Information Technology leads our information security organization and reports to our Chief Executive Officer and Chief Financial Officer on matters related to cybersecurity who then in turn report to the Board of Directors any material information regarding such cybersecurity matters. Our Director of Information Technology has over 30 years of IT experience and has developed a focus of experience in the healthcare industry.

Company Information