SolarMax Technology, Inc. 10-K Cybersecurity GRC - 2024-04-16

Page last updated on April 16, 2024

SolarMax Technology, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-16 17:03:38 EDT.

Filings

10-K filed on 2024-04-16

SolarMax Technology, Inc. filed an 10-K at 2024-04-16 17:03:38 EDT
Accession Number: 0001640334-24-000675

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Our company diligently monitors cybersecurity risks, conducting annual reviews at senior management levels and, if necessary, with the Audit Committee for updates to the Board of Directors. Currently, we believe there are no significant cybersecurity threats that pose a material risk to our business strategy, operations, or financial condition. To safeguard data confidentiality, integrity, and accessibility, we have robust processes in place for assessing, identifying, and managing cybersecurity risks. Our information security (IT) function is outsourced to vendors with specialized security expertise and comprehensive risk management procedures, encompassing physical, procedural, and technical safeguards. These measures include response plans, regular system tests, third-party reviews, incident simulations, and ongoing policy and procedure refinement to mitigate risks. Our primary strategy for mitigating cyber risks involves storing sensitive data with trusted third-party providers who meet stringent audit and security standards. Our enterprise resource planning (ERP) and system of record are hosted by a third party employing rigorous monitoring tools, controls, policies, and an experienced security team. Our vendors comply with various industry standards such as SOC 1, SOC 2, PCI-DSS, EU-US Privacy Shield framework, NIST, and ISO 27000 series. Our IT network is managed by a third-party managed service provider (MSP) proficient in network setup and security. The MSP monitors our network around the clock, to provide prevention, detection, correlation, investigation, and response to any security incidents, promptly notifying management of any potential issues. Our MSP conducts proactive threat hunting to identify potential cybersecurity risks within our network. Additionally, a dedicated team researches vulnerabilities, performs vulnerability scans, conducts security audits, and reviews policies to mitigate potential risks. Network Protection We use a security package with regularly updated antivirus software to block and prevent malicious processes and files. Firewalls are configured to block potentially harmful activity, and the network is segmented to protect confidential data with access permissions based on the principle of least privilege. We maintain backup data in key locations to facilitate recovery in the event of data loss or disaster. Detect Issues Our system employs active scanners to constantly monitor for potential threats, suspicious behavior, and harmful activity. It utilizes user behavioral analysis and learning to stop potential threats in real time. Both our vendors maintain teams to review alerts, confirming true or false positives in the network. 66 Table of Contents Threat Response Our vendors provide SOC teams that automatically investigate and address potential attacks. They collaborate to ensure immediate responses, utilizing playbooks and auto-remediation methods such as password resets, IP blocking, software removal, and risk mitigation.

Company Information