DALRADA FINANCIAL CORP 10-K Cybersecurity GRC - 2025-06-06

Page last updated on June 6, 2025

DALRADA FINANCIAL CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-06-06 15:53:14 EDT.

Filings

10-K filed on 2025-06-06

DALRADA FINANCIAL CORP filed a 10-K at 2025-06-06 15:53:14 EDT
Accession Number: 0001683168-25-004299

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy Cybersecurity risk management is an important part of the Company’s overall risk management efforts. We maintain a comprehensive enterprise-wide information security program that comprises policies and controls designed to identify, safeguard against, detect, respond to, mitigate and manage reasonably foreseeable cybersecurity risks and threats. Our approach utilizes diverse security tools to prevent, identify, investigate, resolve and recover from vulnerabilities and security incidents. These include, but are not limited to, internal reporting, monitoring and detection tools. We use a collaborative, enterprise-wide strategy to address cybersecurity risks and allocate significant resources to our cybersecurity and risk management processes, which efforts are intended to adapt to the evolving cybersecurity landscape and promptly address emerging threats. Our cybersecurity risk management program aligns with the National Institute of Standards and Technology (NIST) framework and is organized into five key functions: identification, protection, detection, response and recovery. We regularly assess the threat landscape and employ a layered cybersecurity strategy to prevent, detect and mitigate threats. We assess risks associated with third-party providers as part of our overall cybersecurity risk management framework by reviewing system and organization controls reports, when available, and other independent reports. We also generally require third parties to, among other things, maintain security controls to protect our confidential information and to promptly notify us of material breaches that may impact our data. Our security controls include: · Network traffic monitoring and filtering · Usage of Sentinelone · Proofpoint to protect against phishing attacks · OS/Hardware hardening · OS/Software hardening · Physical barriers to hardware access · Usage of on prem hardware firewall · VLANs in order to keep less secure hardware such as printers and scanners on their own VLAN to minimize attack vectors Our Board of Directors has oversight of our enterprise risk assessment and risk management processes, as well as the steps taken to mitigate these risks, including for cybersecurity matters. The Audit Committee of our Board of Directors has oversight of cybersecurity risk assessment and risk management policies as part of its risk management oversight responsibilities. Any significant cybersecurity matters, including those related to incidents, are escalated to the Board of Directors. We face cybersecurity threats in the ordinary course of our business and have faced cybersecurity threats and breach attempts in the past. Such threats and breach attempts have not materially affected our business, strategy, results of operations or financial condition. At any given time, however, we may face known or unknown cybersecurity risks and threats that cannot be fully prevented or mitigated, and we may discover vulnerabilities in our cybersecurity programs. Therefore, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. 4

Company Information