Carmell Corp 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Carmell Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 11:46:27 EDT.

Filings

10-K filed on 2024-04-01

Carmell Corp filed an 10-K at 2024-04-01 11:46:27 EDT
Accession Number: 0000950170-24-038992

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Managing cybersecurity risk is a crucial part of our overall strategy for safely operating our business. We incorporate cybersecurity practices into our Enterprise Risk Management ( ERM ) approach, which is subject to oversight by our Board of Directors (the BOD ). Consistent with our overall ERM program and practices, our cybersecurity program includes: Vigilance: We maintain a cybersecurity program that endeavors to identify risks, protect assets, detect threats, respond to incidents, and recover from damaging events in a prompt and effective manner with the goal of minimizing business disruptions through effective governance of people, processes, and technologies. External Collaboration: We collaborate with third-party service providers to identify, assess and mitigate cybersecurity risks. Systems Safeguards: We deploy technical safeguards that are designed to protect our information systems, products, operations and sensitive information from cybersecurity threats, including compromises of our information systems and our data s confidentiality, integrity, and availability. These include firewalls, disaster recovery capabilities, malware and ransomware prevention, access controls, and encryption. Education: We provide monthly training for all personnel regarding cybersecurity threats, with such training appropriate to the roles, responsibilities and access of the relevant Company personnel. Our policies require all workers to report any real or suspected cybersecurity events. Incident Response Planning: We have established and maintain incident response plans that direct our response to cybersecurity events and incidents. Such plans include the protocol by which a material incident would be communicated to executive management, our BOD, external regulators and shareholders. Governance: Our BOD s oversight of cybersecurity risk management is led by the Company’s Audit Committee, which oversees our ERM program. Cybersecurity threats, risks and mitigation are reviewed by the Audit Committee on at least an annual basis and such reviews include internal and independent assessment of risks, controls and overall program effectiveness. Our risk assessment efforts have indicated that we are a potential target for theft of intellectual property, financial resources, personal information, and trade secrets from a wide range of actors including nation states, organized criminal groups, malicious insiders and activists. The impacts of attacks, abuse and misuse of the Company s systems and information include, without limitation, loss of assets, operational disruption and damage to the Company s reputation. A key element of managing cybersecurity risk is the ongoing assessment and testing of our processes and practices through assessments and other exercises focused on evaluating the sufficiency and effectiveness of our cybersecurity risk management efforts. If a material weakness in our cybersecurity risk management program is identified, it will be reported to the Audit Committee and the BOD, as appropriate, and we will make adjustments to our cybersecurity processes and practices as necessary to eliminate or compensate for that weakness. Our CFO is principally responsible for overseeing our cybersecurity risk management program, in partnership with other Company management. We believe our business leaders, including our CFO, have the appropriate expertise, background and depth of experience to manage risks arising from cybersecurity threats. Our CFO collaborates with other Company business leaders to implement a program designed to manage our exposure to cybersecurity risks and to promptly respond to cybersecurity incidents. The Audit Committee oversees cybersecurity risk management, including the policies, processes and practices that management implements to operationalize our cybersecurity risk management program. The Audit Committee will promptly receive information regarding any material cybersecurity incident that may occur, including any ongoing updates. The Audit 31 Committee periodically discusses our approach to cybersecurity risk management with our CFO, who oversees the Company s information systems. As of the date of this Form 10-K, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition at this time.

Company Information