NanoVibronix, Inc. 10-K Cybersecurity GRC - 2024-04-08

Page last updated on April 11, 2024

NanoVibronix, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-08 17:30:36 EDT.

Filings

10-K filed on 2024-04-08

NanoVibronix, Inc. filed an 10-K at 2024-04-08 17:30:36 EDT
Accession Number: 0001493152-24-013966

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We operate in the biotechnology sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft fraud extortion harm to employees or customers violation of privacy laws and other litigation and legal risk and reputational risk. We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We currently have security measures in place to protect our clients, patients, customers, employees, and vendor information and prevent data loss and other security breaches, including a cybersecurity risk assessment program. We also only use third party software for accounting, billing and payroll that have successful SOC 1 type 2 compliance. Both management and the Board are actively involved in the continuous assessment of risks from cybersecurity threats, including prevention, mitigation, detection, and remediation of cybersecurity incidents. Our current cybersecurity risk assessment program consists of an annual review of our risks and policies. The program outlines governance, policies and procedures, and technology we use to oversee and identify risks from cybersecurity threats and is informed by previous cybersecurity incidents we have observed both within the Company and in our industry. Our General Manager, who is responsible for overseeing our business operations, with oversight from senior management and the nominating and the Corporate Governance Committee of our Board are responsible for day-to-day assessment and management of risks from cybersecurity threats, including the prevention, mitigation, detection, and remediation of cybersecurity incidents. We also use the services of an outside consulting firm to monitor activity and advise the company of cybersecurity protocols. 54 The Nominating and Corporate Governance Committee of the Board is responsible for oversight of risks from cybersecurity threats in conjunction with management. The committee receives interim reports and updates from the senior management, and management has committed to updating the full Board on a quarterly basis with respect to the management of risks from cybersecurity threats. Such reports cover the Company s information technology security program, including its current status, capabilities, objectives and plans, as well as the evolving cybersecurity threat landscape. Additionally, the Nominating and Corporate Governance Committee considers risks from cybersecurity threats as part of its oversight of the Company s business strategy, risk management, and financial oversight by requiring quarterly updates from management at its Board meetings. We routinely undertake activities to prevent, detect, and minimize the effects of cybersecurity incidents, including an annual risk review, policy reviews and revisions. In addition, we maintain business continuity, contingency, and recovery plans for use in the event of a cybersecurity incident by the administering of local and cloud based back up of files. and emails. We engaged and used the advice of a third-party consultant to help us assess and identify risks from cybersecurity threats, including the threat of a cybersecurity incident, and manage our risk assessment program. Among other things, these providers have recommended installation of Check Point Firewall and ESET Protect Advanced cloud based anti-virus, as well as site periodic evaluations of the work stations and onsite storage equipment. We also engaged third party consultants to prepare policies and procedures to oversee and identify the risks from cybersecurity threats associated with our use of third-party service providers and we continue to monitor that all third-party software providers remain in compliance with SOC 1 protocols. As of the date of this report, no cybersecurity incident (or aggregation of incidents) or cybersecurity threat has materially affected our results of operations or financial condition. However, an actual or perceived breach of our security could damage our reputation, and cause existing clients/customers to discontinue. As well as prevent us from attracting new clients/customers, and interfere with the progress of our clinical trials, or interfere with our efforts to pursue regulatory approvals for our product candidates, or subject us to third-party lawsuits, regulatory fines or other actions or liabilities, any of which could adversely affect our business, operating results or financial condition. For further information, see Risk Factors Our business and operations would suffer in the event of computer system failures, cyber-attacks or deficiencies in our cyber-security in Item 1A of this Annual Report on Form 10-K. We currently do not carry a cyber liability insurance policy, but are evaluating whether to acquire one to mitigate any financial impact of a cybersecurity breach.

Company Information