MANGOCEUTICALS, INC. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

MANGOCEUTICALS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 17:21:11 EDT.

Filings

10-K filed on 2024-04-01

MANGOCEUTICALS, INC. filed an 10-K at 2024-04-01 17:21:11 EDT
Accession Number: 0001493152-24-012508

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company understands the importance of preventing, assessing, identifying, and managing material risks associated with cybersecurity threats. Cybersecurity processes to assess, identify and manage risks from cybersecurity threats have been incorporated as a part of the Company s overall risk assessment process. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. We have processes in place to identify, assess and monitor material risks from cybersecurity threats, including the material risks of the Company. These processes are part of our overall enterprise risk management process and have been embedded in our operating procedures, internal controls and information systems. On a regular basis we implement into our operations these cybersecurity processes, technologies, and controls to assess, identify, and manage material risks. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach including third party assessments, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things, have developed cybersecurity measures for our technology platform that include a variety of safety measures. The Company s technology platform and application is hosted on Amazon Web Services (AWS) with a Virtual Desktop Infrastructure (VDI) and operates on Linux. The application architecture is designed with security as a priority, leveraging AWS s robust infrastructure. We utilize an Amazon Relational Database Service (AWS RDS) for data storage, which resides within a private network to safeguard sensitive information. Only the front-end interface is exposed to the internet via port 80, while the rest of the application stack remains shielded behind AWS s firewall. This setup effectively blocks unauthorized external access, ensuring that only legitimate user requests reach our application. To further enhance security and prevent data breaches, our platform mandates the use of a .pem file for any connection to services within the platform, adding an extra layer of authentication. All client-server communications are encrypted using SSL (Secure Socket Layer), which ensures that all data transmitted over the internet is secure and protected from interception. Additionally, we employ AWS Shield for defense against Distributed Denial of Service (DDoS) attacks, which are increasingly common threats to online platforms. This comprehensive approach to security ensures that our platform remains resilient against attacks, protecting both our infrastructure and our users sensitive information. Moreover, the communication between the front-end and backend components of our platform is secured with security tokens, which prevent unauthorized access and ensure that only authenticated requests are processed. Personal information required for integrations with external systems is encrypted using hash algorithms, further securing data at rest and in transit. These security practices highlight our commitment to maintaining the confidentiality, integrity, and availability of user data. Our adherence to best security practices and utilization of AWS s advanced security features showcase our platform as a secure and reliable solution for customers seeking privacy and protection while purchasing sensitive health-related products. Incidents are evaluated to determine materiality as well as operational and business impact, and reviewed for privacy impact. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading Security breaches, loss of data and other disruptions could compromise sensitive information related to our business or customers, or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K. Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. 67 Table of Contents Our Chief Operating Officer and our Director of E-Commerce are responsible for the oversight of risks from cybersecurity threats. The Board receives information and updates periodically with respect to the effectiveness of our cybersecurity and information security framework, data privacy and risk management. The Board will also be provided updates on any material incidents relating to information systems security and cybersecurity incidents. As of and for the year ended December 31, 2023, there have been no cybersecurity incidents that have materially affected the Company s business strategy, results of operations, or financial condition.

Company Information