Inrad Optics, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on July 16, 2024

Inrad Optics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 14:52:04 EDT.


10-K filed on 2024-03-28

Inrad Optics, Inc. filed a 10-K at 2024-03-28 14:52:04 EDT
Accession Number: 0001410578-24-000337

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management We, like other companies in our industry, face cybersecurity risks in connection with our business. Our business strategy, results of operations, and financial condition have not, to date, been affected by risks from cybersecurity threats. During the reporting period, we have not experienced any material cyber incidents, nor have we experienced a series of immaterial incidents, which would require disclosure. In the ordinary course of our business, we collect and store sensitive data. To effectively prevent, detect, and respond to cybersecurity threats, we maintain a cyber risk management program, which is comprised of policies, standards, architecture, and processes. The cyber risk management program falls under the purview of our Controller, who serves as our head of the Information Technology (“IT”) systems and processes, and has cross-functional expertise in IT, cyber security, and more than 10 years of experience. Under the guidance of our Controller and Chief Financial Officer, we work with various third party consultants to help develop, maintain, and evidence the policies, standards, and processes in a manner consistent with applicable legal requirements and to evaluate/adopt cybersecurity software from reputable vendors in cybersecurity. We have implemented and maintain a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to this data and our systems and ensure the effectiveness of our security controls. Our cybersecurity risk management program is intended to address applicable NIST 800-171 and CMMC requirements. Our cybersecurity risk management program incorporates several components, including information security program assessments, continuous monitoring of critical risks from cybersecurity threats using automated tools, backup testing, and employee training. We deploy a wide range of security tools, require multifactor authentication across all systems, and utilize access control policies to further limit access to data within the systems. We periodically engage third parties, which are subject to our standards, policies, and procedure, to conduct risk assessments. As a result of these assessments and testing, we have responded to all known risks and are constantly strengthening our environment as applicable. Additionally, our program includes role-based privacy and cybersecurity training for all employees. Training occurs prior to accessing the system or performing assigned duties, when required by system changes, and annually thereafter. Governance Our Board of Directors (“Board”) is responsible for the oversight of cybersecurity risk management. Annually, and on an as needed basis, the Chief Financial Officer (“CFO”) provides updates to the Board on our cybersecurity risk management program, including any critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. The CFO also notifies the Board of any cybersecurity incidents (suspected or actual) and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.

Company Information

NameInrad Optics, Inc.
SIC DescriptionElectronic Components, NEC
TickerINRD - OTC
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30