DatChat, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

DatChat, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 16:26:47 EDT.

Filings

10-K filed on 2024-03-29

DatChat, Inc. filed an 10-K at 2024-03-29 16:26:47 EDT
Accession Number: 0001213900-24-027991

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Our cybersecurity team, led by our Chief Technology Officer, Peter Shelus, uses a multi-pronged approach to assessing, identifying, and managing material risks from cybersecurity threats. This approach includes identifying and assessing risks through: (1) an enterprise risk management program, which is periodically refreshed and includes an identification of our top risks, including cybersecurity risks (2) formalized security and privacy reviews designed to identify risks from many new features, software, and vendors (3) a vulnerability management program designed to identify hardware and software vulnerabilities (4) an internal red team program, which simulates cyber threats, intended to allow us to fix vulnerabilities before threat actors identify them (5) a threat intelligence program designed to model and research our adversaries and (6) a privacy and security incident response program designed to investigate, respond to, and remediate known incidents. These processes vary in scope and maturity across the business and are processes we work to continually improve. Our risk management approach is supplemented by external and internal enterprise risk management audits, which are designed to test the effectiveness of our security controls. We conduct penetration testing on a periodic basis, and have established an external bug bounty program to allow security researchers to help identify vulnerabilities and weaknesses in our controls and configurations in our systems. We also maintain a vendor risk management program designed to identify and mitigate potential risks associated with third-party suppliers and business partners. This program includes pre-engagement diligence, use of contractual cybersecurity and notification provisions, and ongoing monitoring of vendors, as appropriate. We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example professional service firms (including legal counsel), threat intelligence services, and cybersecurity consultants. The material cybersecurity threats identified through these processes are managed by our CISO and, where appropriate, our risk and compliance committee, in consultation with management. Together, they identify responsive actions for inclusion in our annual strategic planning, or earlier resolution depending on the nature of the risk. For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see Risk Factors in Part I, Item 1A in this Annual Report on Form 10-K.

Company Information