US NUCLEAR CORP. 10-K Cybersecurity GRC - 2025-06-25

Page last updated on June 25, 2025

US NUCLEAR CORP. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-06-25 09:57:45 EDT.

Filings

10-K filed on 2025-06-25

US NUCLEAR CORP. filed a 10-K at 2025-06-25 09:57:45 EDT
Accession Number: 0001213900-25-057524

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C- CYBERSECURITY Risk management and strategy The Company is committed to securing our information technology systems, including accounting software and back-of-house software, against cybersecurity threats and protecting the privacy of the data of our customers, employees, and other business partners. We recognize that cybersecurity threats are an ongoing concern in today’s digital world and that, despite devoting resources to secure our information technology systems, cybersecurity incidents can occur and, if so, could negatively impact our brand, business, results of operations and financial condition. Cybersecurity threats include any potential unauthorized occurrence on or conducted through our information technology systems or information technology systems of a third party that we utilize in our business that may result in adverse effects on confidentiality, integrity, or access to our information technology systems. Our cybersecurity risk management program includes a cybersecurity incident response plan. We design and assess our program primarily following the guidelines of the National Institute of Standards and Technology and Payment Card Industry Data Security Standard. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use these frameworks as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. The objectives of our programs are to protect the confidentiality, integrity, use and availability of the Company’s data; to protect against unauthorized access to the Company’s data, the Company’s network and information technology applications; and to maintain disaster recovery plans to prepare for and respond to the potential for disruption in the Company’s information technology . To meet these objectives, the Company’s Chief Executive Officer, website, and technical personnel manage our cybersecurity, information technology, and data privacy programs. Our information technology infrastructure includes firewalls, modern endpoint protections, intrusion detection tools and alerts, as well as multi-factor authentication to provide a multi-layered approach to protecting our information technology systems from unauthorized access, use, disclosure, disruption, or destruction. Such applications are regularly monitored and reviewed for adequacy and potential enhancements. We obtain System and Organizational Controls (“SOC”) 1 or SOC 2 reports on an annual basis from vendors that host our significant financial applications to aid in our assessment of information security risk amongst our relationships with the host vendors. We also perform access reviews for any of these systems that are subject to Sarbanes-Oxley oversight. We have developed an incident response plan outlining immediate response actions, including internal and external communication protocols. Under the plan, we have identified a management group comprising our Chief Executive Officer, Chief Financial Officer, and Corporate Controller. The plan provides that any cybersecurity incident will be reviewed by this group to determine whether it is material for securities law purposes and whether public disclosure is required, following consultations with outside counsel and/or the Board of Directors. We currently do not maintain cyber risk insurance coverage that is intended to mitigate the financial impact of cybersecurity and data privacy incidents experienced by the Company. Governance The full Board of Directors has the overall responsibility for risk oversight, including cybersecurity matters . At a management level, our cybersecurity program is led by our Information Technology manager, who reports to the Chief Financial Officer . Our Information Technology manager is equipped to help navigate the landscape of cybersecurity risks and challenges and to implement and manage a comprehensive security strategy. While cybersecurity threats have not materially affected our business strategy, results of operations or financial condition, future incidents may interrupt our operations and could materially adversely affect our business, results of operations and financial condition. 17

Company Information