NEXT-ChemX Corporation. 10-K Cybersecurity GRC - 2025-04-30

Page last updated on May 1, 2025

NEXT-ChemX Corporation. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-30 16:54:16 EDT.

Filings

10-K filed on 2025-04-30

NEXT-ChemX Corporation. filed a 10-K at 2025-04-30 16:54:16 EDT
Accession Number: 0001641172-25-007847

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY DISCLOSURE As a Company with new technology, the Company may be a significant target of attack by competitors, foreign governments and other interested and malicious parties particularly as the knowledge of the potential impact of Company’s iTDE Technology becomes more widely known. The analysis of susceptibility to cyberattack distinguishes between two main types of risk, the first area being the business that relates to the technology and the second, more generally, as relates to the activities of the administration and management and encompasses the corporate records of the Company. In addition, the needs and requirements of cyber security control vary according to whether the person is operating from a mobile phone or a computer. Moreover, issues relating to cybersecurity are overshadowed by the fact that the Company operates from a variety of different offices in different companies; each employee operates using their own personal computer and in most cases this is also used for personal purposes resulting in an enhanced risk of breach from such alternative use. There is no single backup system for all files to preserve corporate records. There is no single required operating system (although most coworkers use MacBook) nor single software required for all coworkers, except Microsoft Word, Excel and PowerPoint, however, different employees operate different versions of these software. Employees are expected, but not required to keep their software up to date. The Company has no established process for assessing, identifying, and managing any material risks from cybersecurity threats. Breaches are not required to be reported. In the event, therefore of a cyber security incident, there is no system in place to assess whether such incident has materially affected or is reasonably likely to materially affect the Company. There is also oversight of the risks posed by cybersecurity threats and no analysis of what may be the result of such a breach of cybersecurity. There is no audit of Company personnel software loaded on computers or security requirements and no audit of computer usage. Given the distance between coworkers this would be too expensive at the present time in the cycle of the Company were we are severely underfunded. All personnel are expected to maintain a computer free from games and potentially hazardous sites such as non-solicited offers of services, purchases or investments, get rich-quick-schemes, sites with pornographic content. Personnel are required to maintain good internet security software and regularly to check their computers for cyber breaches or viruses.

Company Information