SCIENTIFIC ENERGY, INC 10-K Cybersecurity GRC - 2025-05-28

Page last updated on June 2, 2025

SCIENTIFIC ENERGY, INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-05-28 10:52:17 EDT.

Filings

10-K filed on 2025-05-28

SCIENTIFIC ENERGY, INC filed a 10-K at 2025-05-28 10:52:17 EDT
Accession Number: 0001376474-25-000498

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Cyber Risk Management and Strategy We understand the critical importance of assessing, identifying, and managing material risks associated with cybersecurity threats. To address this, we have established a cybersecurity risk management process that aligns with industry standards and is integrated into the Company’s overall risk management systems. By strategically embedding cybersecurity risk management within our broader risk management framework, we foster a company-wide culture of cybersecurity awareness. This integration ensures that cybersecurity considerations are a fundamental part of our decision-making processes at all levels. As a holding company, the Company’s board of directors and management work closely especially with IT department from our subsidiary Macao E-Media Development Company Limited (“MED”), to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Particularly, we had established a dedicated management standard for information security and cyber-security titled “Aomi APP Production Environment Anomaly Handling Guideline W-OM-CZ-001” (“Guideline”) since August 2020. This Guideline provides detailed definitions of incident levels, operational processes, anomaly handling workflows, review requirements, and a list of emergency response personnel. Since its formulation in 2020, we have adhered to these guidelines. On a daily basis, we maintain an efficient communication channel between our customer service department and IT department, through which any anomaly issues are promptly reported and responded to. Any severe anomaly will receive immediate attention. During national holidays, designated personnel from IT department will be responsible to monitor. In the event of the occurrence of any serious anomaly, we will refer to the Guideline for protocols and workflow. We leverage the support of third-party information technology and security providers, including for periodic security testing and vulnerability scanning, as part of our risk management process, designed to identify, assess, and manage cybersecurity risks. We, especially MED, has utilized services from AliCloud Hong Kong since its inception, employing the AliCloud WAF firewall to effectively block potential conventional cyber-attacks. We actively cooperate and engage with AliCloud Hong Kong security team, to conduct penetration testing on our entire system regularly, to identify and address any vulnerabilities promptly. Being a key client of AliCloud Hong Kong, we have established and maintained a group chat including account manager and support team of AliCloud, through which any anomaly issues can be immediately responded and resolved. Governance The organizational structure of the IT department of our subsidiary MED includes a specialized cyber-security team. Different levels of anomaly incidents are addressed through different workflows and reporting paths as stipulated in the Guideline, generally led and overseen by the head of the IT department in MED. Our Chief Executive Officer Stanley Chan, with the input and assistance of the management, is responsible for the strategic leadership and direction of the Company’s cybersecurity program. Our Chief Executive Officer is also primarily responsible for the assessment and management of material cybersecurity risks and establishing and maintaining adequate and effective internal controls covering cybersecurity matters. As of the date of this report, other than the foregoing, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition and that are required to be reported in this report. For more information about these risks, please refer to the section entitled “Risk Factors” in this Annual Report on Form 10-K.

Company Information