InfuSystem Holdings, Inc 10-K Cybersecurity GRC - 2024-04-09

Page last updated on April 11, 2024

InfuSystem Holdings, Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-09 19:41:42 EDT.

Filings

10-K filed on 2024-04-09

InfuSystem Holdings, Inc filed an 10-K at 2024-04-09 19:41:42 EDT
Accession Number: 0001628280-24-015511

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the importance of cybersecurity in safeguarding sensitive information, maintaining operational integrity, and ensuring the safety and efficacy of our medical devices. Our cybersecurity risk management program, which is based on recognized frameworks established by the National Institute of Standards and Technology (“NIST”), is integrated into our overall enterprise risk management program, and shares common reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, operational and financial risk areas. We are dedicated to maintaining the highest standards of cybersecurity to protect our customers and stakeholders. We will continue to adapt to evolving threats and regulations to ensure the safety and security of our products and information. Cybersecurity Risk Management Risk Assessment : We regularly conduct comprehensive cybersecurity risk assessments, identifying potential vulnerabilities and threats that could impact the confidentiality, integrity, and availability of our medical devices and associated data. Policies and Procedures : InfuSystem has established and maintains cybersecurity policies and procedures that align with industry best practices and regulatory requirements. These policies address areas such as data protection, access control, incident response, and vulnerability management. Training and Awareness : We provide ongoing cybersecurity training and awareness programs to our employees and contractors, emphasizing the importance of their role in safeguarding sensitive information and reporting security incidents. Use of Third-Parties : InfuSystem works with a third-party Cybersecurity risk partner who s systems ingest information regarding the current state of the Company s information and technology environment and using specialized algorithms provide assessments of the company s Cybersecurity risk exposure as well as providing targeted advice to mitigate any risks identified. Third-Party Risk Management : InfuSystem evaluates the cybersecurity practices of third-party vendors and suppliers, ensuring that they meet our cybersecurity standards and pose no undue risk to our medical devices and data. Incident Response Plan : We maintain a robust incident response plan that outlines the steps to be taken in the event of a cybersecurity incident. This plan includes procedures for reporting incidents, containing threats, and notifying affected parties as required by law. Cybersecurity Incidents InfuSystem is committed to transparency and promptly disclosing any material cybersecurity incidents that may impact our business, customers, or investors. As of the date of this report, we have not experienced any material cybersecurity incidents. Please see the Item 1A. Risk Factor above entitled " Cybersecurity risks and cyber incidents could adversely affect our business and disrupt operations " for more information regarding cybersecurity incident risks associated with InfuSystem. Ongoing Efforts InfuSystem is committed to continuous improvement in our cybersecurity risk management practices. In the coming fiscal year, we will focus on: 1. Enhancing our threat detection and monitoring capabilities. 2. Conducting regular tabletop exercises to improve incident response readiness. 3. Staying abreast of emerging threats and adjusting our cybersecurity posture accordingly. 20 Table of Contents 4. Collaborating with industry partners and regulatory authorities to enhance overall cybersecurity resilience in the medical device industry. Cybersecurity Governance InfuSystem maintains a dedicated cybersecurity governance framework led by our Chief Information Officer (CIO). The CIO serves as an Executive Officer who reports directly to senior management and makes regular reports to the audit committee. Management reports to the Board of Directors with respect to cybersecurity matters. Given the position cybersecurity has in the Company s strategy to be the most trusted partner for our clients and the potential costs to the business of a major cybersecurity event, Cybersecurity is a standing topic for the audit committee, and Board of Directors. For more information regarding the expertise of management, see Executive Officers in our definitive proxy statement relating to the 2023 Annual Meeting of Stockholders filed with the SEC on April 10, 2023.

Company Information