AiXin Life International, Inc. 10-K Cybersecurity GRC - 2024-04-08

Page last updated on April 11, 2024

AiXin Life International, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-08 17:15:30 EDT.

Filings

10-K filed on 2024-04-08

AiXin Life International, Inc. filed an 10-K at 2024-04-08 17:15:30 EDT
Accession Number: 0001493152-24-013947

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Policy We regularly review our cybersecurity defenses to assess our vulnerability to cybersecurity attacks from viruses, malware and more sophisticated and targeted cyber-related attacks such as hackers looking to demand ransomware or access our systems to obtain information and data, as well as our vulnerability to cybersecurity failures resulting from human error and technological errors. We rely upon internal IT personnel working in conjunction with specialized outside security consultants on a day to day basis to conduct reviews and upgrade our systems when determined to be necessary. Our overall strategy in combatting cybersecurity risks includes a variety of measures, including: the use of antivirus software, virtual private networks, email security, as well as other software and system-wide measures such as multi-factor authorization to prevent and detect data intrusions deployment of updates and patches as they become available from our software suppliers and consultants and maintaining the current versions of major software to reduce the exposure to vulnerabilities the use of third-party services to conduct mandatory online training for all employees regarding identifying and avoiding cyber-security risks the review of the security procedures used by third parties that may host or otherwise have access to our systems the deployment of third-party cyber-security experts to perform penetration testing on our internal and external networks and systems in an effort to identify potential vulnerabilities and consideration of the cybersecurity risks posed by interacting with current and potential third-party service providers, suppliers and customers.. We are not aware of any existent weakness in our systems or malware embedded in our systems that are likely to would materially affect, or are reasonably likely to materially affect, our operations. Day-to day management of cybersecurity threats is conducted by our Information Technology department in conjunction with outside service providers, which is charged with identifying and reporting threats to senior management. On a quarterly basis, cybersecurity is reviewed by our Chief Executive Officer and Chief Financial Officer, who are expected to report to the Audit Committee. Board Oversight The Audit Committee of our Board of Directors, which is composed of all non-employee directors, is responsible for oversight of our efforts to eliminate cybersecurity risks. The Audit Committee meets regularly with our Chief Executive Officer and Chief Financial Officer and, in turn, reports its finding to the Board of Directors. 31

Company Information