MILESTONE SCIENTIFIC INC. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on July 2, 2024

MILESTONE SCIENTIFIC INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 13:44:09 EDT.


10-K filed on 2024-03-29

MILESTONE SCIENTIFIC INC. filed an 10-K at 2024-03-29 13:44:09 EDT
Accession Number: 0001437749-24-010029

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Governance Related to Cybersecurity Risks Our board of directors, as a whole and through its committees, holds overall oversight responsibility for our risk management processes, including in relation to risks from cybersecurity threats. Our board of directors exercises its oversight function through the audit committee, which oversees the management of risk exposure across various areas, including cybersecurity risks, in accordance with its charter. The audit committee receives quarterly reports from our Management on the status of our cybersecurity program. The Chair of the audit committee provides a quarterly report to the board of directors, which includes any key updates on cybersecurity matters, as applicable. Our management team is responsible for the day-to-day administration and management of our cybersecurity program, under the direct supervision of our Chief Executive Officer currently we also work with external security service providers to support our security monitoring and threat detection capabilities and have implemented a process to report relevant findings to the Chair of audit committee where appropriate. Cybersecurity Risk Management and Strategy We maintain a cybersecurity program, which includes processes for identification, assessment, and management of cybersecurity risks. We conduct periodic risk assessments, including with support from external vendors, to assess our cyber program, identify potential areas of enhancement, and develop strategies for the mitigation of cyber risks. We have implemented a process to periodically conduct security awareness training for employees. Our team is informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity risks through various means, including by leveraging a managed security service provider and other third-party security software and technology services. In addition, we use third-party security solutions, monitoring, and alerting tools and resources, designed to monitor, identify, and address risks from cybersecurity threats. We also have implemented processes and technologies for network monitoring and data loss prevention procedures, and from time to time review such processes and technologies. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents relating to our and our third-party vendors’ information systems. See Item 1A “Risk Factors” in this Annual Report on Form 10 K for more information.

Company Information

SIC DescriptionOrthopedic, Prosthetic & Surgical Appliances & Supplies
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30