Cardio Diagnostics Holdings, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Cardio Diagnostics Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 17:15:46 EDT.

Filings

10-K filed on 2024-04-01

Cardio Diagnostics Holdings, Inc. filed an 10-K at 2024-04-01 17:15:46 EDT
Accession Number: 0001079973-24-000480

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and we have integrated these processes into our overall risk management program. We assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. We have adopted as the governance framework for our cybersecurity program the Service Organization Control Type 2 (SOC2) and the Health Insurance Portability and Accountability Act (HIPAA). We use this framework as a guide to help us identify, assess, respond to, and manage cybersecurity risks relevant to our business. Our cybersecurity risk management program includes: periodic risk assessments designed to help identify material cybersecurity risks to our critical systems, information, and our broader enterprise information technology environment skilled information security and data privacy personnel, who support our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents external service providers, where appropriate, to monitor, assess, test, or otherwise assist with aspects of our security controls, and to support risk mitigation efforts training for our employees on cybersecurity awareness and the importance of protecting information assets. periodic reviews of key cybersecurity policies, and updating as needed a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. a third-party risk management platform is being used to govern and mitigate the potential risks, including a comprehensive process for service providers, suppliers, and vendors. We have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Governance Our Board considers cybersecurity risk as part of its risk oversight function and management expects to keep the Board informed of any material cybersecurity threats and expects to provide a report to the Board on a periodic basis and the Board will consider and oversee. Our management team is responsible for assessing and managing our material risks from cybersecurity threats. Our Chief Technology Officer leads a team of information security professionals who have primary responsibility for our overall cybersecurity risk management program and supervises both our internal personnel and our external cybersecurity consultants. Our management team oversees efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include threat briefings from internal personnel and external service providers, as well as alerts and reports produced by security tools deployed in the information technology environment. 50

Company Information