Spectaire Holdings Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Spectaire Holdings Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 06:08:51 EDT.

Filings

10-K filed on 2024-03-29

Spectaire Holdings Inc. filed an 10-K at 2024-03-29 06:08:51 EDT
Accession Number: 0001213900-24-027572

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We operate in the emissions measurement sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft fraud extortion harm to employees or customers violation of privacy laws and other litigation and legal risk and reputational risk. We use various tools and methodologies to manage cybersecurity risk that are tested on a regular cadence. We also monitor and evaluate our cybersecurity posture and performance on an ongoing basis through regular vulnerability scans, penetration tests and threat intelligence feeds. We require third-party service providers with access to personal, confidential or proprietary information to implement and maintain comprehensive cybersecurity practices consistent with applicable legal standards and industry best practices. We design and assess our program based on the PCI-DSS, GDPR, and OWASP cybersecurity frameworks. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the frameworks as a guide to help us identify, assess and manage cybersecurity risks relevant to our business. Our business depends on the availability, reliability, and security of our information systems, networks, data, and intellectual property. Any disruption, compromise, or breach of our systems or data due to a cybersecurity threat or incident could adversely affect our operations, customer service, product development, and competitive position. They may also result in a breach of our contractual obligations or legal duties to protect the privacy and confidentiality of our stakeholders. Such a breach could expose us to business interruption, lost revenue, ransom payments, remediation costs, liabilities to affected parties, cybersecurity protection costs, lost assets, litigation, regulatory scrutiny and actions, reputational harm, customer dissatisfaction, harm to our vendor relationships, or loss of market share. We have not identified any risks from known cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition. The company is currently in the process of implementing a more formalized cybersecurity program. 41 Cybersecurity Risk Management and Governance : Our cybersecurity risk management program adheres to a comprehensive set of requirements and recommendations, including but not limited to those outlined by the Payment Application Data Security Standard (PA-DSS). This entails refraining from retaining complete card validation, code, or value, as well as PIN block data associated with access or payment cards. Stored account holder data is rigorously protected, and robust authentication features are provided to ensure secure access. All activities, including sampling, telematics, payments, and transactions, are securely logged. Measures are in place to safeguard wireless transmissions and conduct vulnerability tests on access points, portals, and payment applications. Network implementation is meticulously secured, with stringent protocols ensuring that account holder data is never stored on servers directly connected to the internet. The program also facilitates secure remote software updates and access to portals and payment applications. Encryption protocols are employed to safeguard sensitive traffic over public networks, and additional measures such as anti-tampering protection for emissions data and carbon credits issuance are implemented. Encrypted offsite backups are maintained, and a robust disaster recovery plan is in place to mitigate potential risks effectively. Cybersecurity Leadership and Committee: Our Chief Information Officer (CIO), Rui Mendes, leads our cybersecurity initiatives. Our CIO s experience includes co-founding 3RDGP Limited/Corsario, a third-generation payments company, specializing in issuing and acquiring technology solutions. Prior to 3RDGP, he co-founded Carta Worldwide, a global leader in digital enablement and payments processing technology. Mr. Mendes is associated with multiple digital enablement solutions over the past fifteen years, including the world s first integration by a global processor of the Mastercard Mobile Over-the-Air Provisioning Service (MOTAPS) in conjunction with MasterCard Worldwide. Additionally, Mr. Mendes oversaw the development of the Token Processing Appliance (TPA) solution that enables Host Card Emulation (HCE) and Tokenization deployment to simplify on-premises implementation of Cloud-based payments. External Support and Third-Party Risk Management : To strengthen our cybersecurity posture, we engage with external assessors, auditors, and consultants for regular risk assessments, penetration testing, and vulnerability analyses, allowing for proactive identification and mitigation of potential threats. We also rigorously verify the cybersecurity practices of our third-party service providers, vendors, and partners, conducting due diligence before establishing relationships and ongoing monitoring to verify compliance with our cybersecurity standards.

Company Information