Medinotec Inc. 10-K Cybersecurity GRC - 2025-05-29

Page last updated on May 30, 2025

Medinotec Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-05-29 10:46:38 EDT.

Filings

10-K filed on 2025-05-29

Medinotec Inc. filed a 10-K at 2025-05-29 10:46:38 EDT
Accession Number: 0001663577-25-000171

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We rely on our information technology to operate our business. As such, we have policies and processes designed to protect our information technology systems, some of which are managed by third parties, and resolve issues in a timely manner in the event of a cybersecurity threat or incident. We have designed our business applications and hosting services to minimize the impact that cybersecurity incidents could have on our business and have identified back-up systems where appropriate. We seek to further mitigate cybersecurity risks through a combination of monitoring and detection activities, use of anti-malware applications, employee training, quality audits and communication and reporting structures, among other processes. We engage a third-party consultant to assist us with our cybersecurity risk management framework, including the monitoring and detection of cybersecurity threats and responding to any cybersecurity threats or incidents. The Company maintains an ongoing partnership with a third-party cybersecurity service provider, which facilitates continuous communication through regular electronic updates and periodic onsite engagements. This collaboration ensures alignment in key areas of cybersecurity, including threat detection, vulnerability management, and incident response. We have implemented internal communication protocols designed to promptly escalate any cybersecurity incidents to the appropriate personnel responsible for evaluating their significance and potential materiality. Upon identification of an incident, the matter is assessed in coordination with our cybersecurity service provider. Relevant information is then communicated to the Board of Directors, which is responsible for determining whether public disclosure is required under applicable securities laws. This process is intended to support timely and accurate reporting in accordance with the Company’s disclosure obligations. Cybersecurity Governance The Company’s cybersecurity program is supported by a third-party consultant team, which provides expertise in monitoring, threat detection, and risk mitigation. This team operates under the oversight of senior leadership, specifically the Chief Executive Officer and an Independent Director with relevant experience. Together, they are responsible for managing the relationship with the cybersecurity consultants and ensuring that cybersecurity risk management remains aligned with the Company’s overall strategic objectives and risk tolerance. Our cybersecurity program is informed by industry-recognized best practices, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), which guides our efforts across key domains such as risk identification, protection, threat detection, incident response, and recovery. This framework helps ensure consistency and effectiveness in our cybersecurity approach and supports compliance with evolving regulatory expectations. Cybersecurity oversight is also integrated into the Company’s broader corporate governance structure. Management provides updates to the Board of Directors at least quarterly, or more frequently as necessary in response to immediate threats or incidents. These updates cover any material cybersecurity events, as well as incidents of lesser impact that may indicate emerging risks or operational vulnerabilities. The Board, in exercising its oversight responsibilities, evaluates the potential impact of such incidents on the Company’s operations, financial condition, and disclosure obligations. This governance framework is designed to ensure that the Company remains responsive to the dynamic cybersecurity landscape, maintains regulatory compliance, and protects the integrity of its information systems and data assets. Our management team is responsible for assessing and managing our material risks from cybersecurity threats. Risks from Cybersecurity threats Although cybersecurity risks have not materially affected us, including our business strategy, results of operations or financial condition, to date, we face numerous and evolving cybersecurity threats in our business. For more information about the cybersecurity risks we face, see the risk factor entitled “The Medinotec Group of Companies rely on the proper function, security and availability of our IT systems and data to operate the business, and a breach, cyber-attack or other disruption to these systems or data could materially and adversely affect the business, results of operations, financial condition, cash flows, reputation, or competitive position.” in Item 1A. Risk Factors. During the years ended February 28, 2025 and February 29, 2024, we did not, to our knowledge, experience any cybersecurity incidents or breaches that materially impacted or are reasonably likely to materially impact our business, performance or results.

Company Information