OneMeta Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

OneMeta Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 13:52:08 EDT.

Filings

10-K filed on 2024-04-01

OneMeta Inc. filed an 10-K at 2024-04-01 13:52:08 EDT
Accession Number: 0001493152-24-012247

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. The Company s Cybersecurity System includes administrative, technical, and physical safeguards and is designed to provide an appropriate level of protection to maintain the confidentiality, integrity and availability of the Company s and its customers information. This includes protecting against known and evolving threats to the security of the Company s systems and information, and against unauthorized access, compromise, or loss of data. The Cybersecurity System is managed centrally, so the same security controls, policies and procedures are implemented across the organization. The Company maintains cybersecurity policies including an Acceptable Use Policy that all system users sign to acknowledge that they understand their security responsibilities. All system users receive security awareness training which includes phishing attack simulation testing. A key element of the Company s Cybersecurity System is to mature the system to align with the CIS18 Critical Security Controls security framework. The CIS controls are designed based on real-world data about cyber-attacks, to ensure that the measures are effective against current threats. The framework provides a prioritized set of actions, which enables the Company to focus its efforts on the most effective defensive measures first. This prioritization helps in optimizing the use of resources for maximum impact on security. This strategy provides a structured and effective approach to cybersecurity, helping the Company to protect its assets, comply with regulations, manage risks, and improve its overall security posture. Governance The Company has established controls and procedures to escalate enterprise-level issues, including cybersecurity matters, to the appropriate management levels within its organization and to its Board of Directors, or members or committees thereof, as appropriate. The Company s Board of Directors is responsible for enterprise risk management, including its approach to managing cybersecurity risk, and has delegated oversight responsibility of information security risks to its Audit Committee. Under the Company s framework, cybersecurity issues are analyzed by subject matter experts for potential financial, operational, and reputational risks, based on, among other factors, the nature of the matter and breadth of impact. Matters determined to present potential material impacts to the Company s financial results, operations, and/or reputation are immediately reported by management to the Company s Board of Directors or its Audit Committee, as appropriate, in accordance with its escalation framework. In addition, the Company has established procedures to ensure that management responsible for overseeing the effectiveness of disclosure controls is informed in a timely manner of known cybersecurity risks and incidents that may materially impact the Company s operations and that timely public disclosure is made as appropriate. The Company s Cybersecurity System is led by the Chief Executive Officer ( CEO ) in collaboration with other third-party cybersecurity service providers which in turn assist in monitoring our exposure from significant information technology suppliers, significant software as a service providers and major vendors with access to our information technology systems. Further, team members who support our cybersecurity program have relevant educational and industry experience through various roles involving information technology, security, auditing, compliance, systems and programming. The Company does not maintain cyber insurance coverage at this time. During the last three years, the Company has not experienced a material security breach and, as a result, the Company has not incurred any material expenses from such a breach. Furthermore, during such time, the Company has not been penalized or paid any amount under any information security breach settlement.

Company Information