Elevai Labs Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Elevai Labs Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 06:19:21 EDT.

Filings

10-K filed on 2024-03-29

Elevai Labs Inc. filed an 10-K at 2024-03-29 06:19:21 EDT
Accession Number: 0001213900-24-027576

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We believe cybersecurity risk management is an important part of its overall risk management efforts. The Company has a policy of transparency regarding our data collection, use, retention and sharing practices, and it is our commitment to implement appropriate technical security measures to protect all Company stakeholders and manage third party risk. Our operations may, in some cases, involve the storage, transmission and other processing of customer and research data or sales information. Cyberattacks and other malicious internet-based activity continue to increase, and cloud-based platform providers of services are expected to continue to be targeted. Threats include traditional computer hackers, malicious code (such as viruses and worms), phishing attacks, employee theft or misuse and denial-of-service attacks, and use of artificial intelligence. We have not experienced cyberattacks in the past, and there can be no guarantee that in the future such cyberattacks will not be material. We maintain an information security program that is comprised of policies and controls designed to mitigate cybersecurity risk. However, at any given time, we face known and unknown cybersecurity risks and threats that are not fully mitigated, and we continuously work to enhance our information security program and risk management efforts. Depending on the environment and system, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats, including, for example, periodic cybersecurity testing and cybersecurity awareness training for employees. The Company is actively engaged in identifying and managing cybersecurity risks. Protecting company data, non-public customer and employee data, and the systems that collect, process, and maintain this information is deemed critical. We use third-party service providers to perform a variety of functions throughout our business, including manufacturing our product candidates and assisting with R&D activities. Depending on the nature of the services provided, the sensitivity of the systems and data at issue, and the identity of the provider, our vendor contracting processes may include imposing certain contractual provisions related to privacy and cybersecurity. Cybersecurity Risk In 2018, the United States Securities and Exchange Commission (the SEC ) published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. These SEC guidelines, and any other regulatory guidance, are in addition to notification and disclosure requirements under state and federal laws and regulations. If we fail to observe this regulatory guidance or standards, we could be subject to various regulatory sanctions, including financial penalties. State regulators have been increasingly active in implementing privacy and cybersecurity standards and regulations. Recently, several states have adopted regulations requiring certain financial institutions to implement cybersecurity programs and providing detailed requirements with respect to these programs, including data encryption requirements. Many states have also recently implemented or modified their data breach notification, information security and data privacy requirements. We expect this trend of state-level activity in those areas to continue and are continually monitoring developments where our customers are located. Risks and exposures related to cybersecurity attacks, including litigation and enforcement risks, are expected to be elevated for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of Internet banking, mobile banking, and other technology-based products and services by us. 56 Governance The Board, in coordination with the Audit Committee, oversees the Company s processes for assessing and managing risk. The Board and Audit Committee may review the measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. The Company s Audit Committee is also responsible for overseeing cybersecurity risk and are informed in a timely manner of any incidents considered potentially serious, together with details on the prevention, detection, mitigation and remediation of such incidents. Risks from Cybersecurity Threats As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. However, we cannot provide assurance that we will not experience any such event in the future. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including the risk entitled Our computer systems or data, or those of our collaborators or other contractors or consultants, maybe compromised, which could result in adverse consequences, including but not limited to regulatory investigations or actions litigation fines and penalties significant disruption of our product development programs and our ability to operate our business effectively reputational harm and other adverse consequences.

Company Information