Marwynn Holdings, Inc. 10-K Cybersecurity GRC - 2025-08-08

Page last updated on August 8, 2025

Marwynn Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-08-08 17:00:52 EDT.

Filings

10-K filed on 2025-08-08

Marwynn Holdings, Inc. filed a 10-K at 2025-08-08 17:00:52 EDT
Accession Number: 0001213900-25-073744

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Our integration involves regular, systematic reviews and assessments conducted alongside other operational risks inspections. The findings from these reviews are communicated across relevant departments timely to inform decision-making. We have not engaged outside assessors, consultants, auditors or third parties in connection with such processes. We have processes to oversee and identify such risks from cybersecurity threats associated with our use of any third-party provider. Such processes include conducting due diligence assessments for all vendors, regularly reviewing vendor security practices, and including cybersecurity performance metrics in our vendor contracts to ensure that they comply with our security requirements. Cybersecurity Risks and Impact MWYN Inc. has not experienced any cybersecurity incidents to date that have materially affected its business strategy, results of operations, or financial condition. The Company recognizes that cybersecurity threats, including attempts to gain unauthorized access to systems, data breaches, and other malicious activities, continue to evolve in complexity and frequency across industry. While no material impacts have occurred thus far, the Company acknowledges that future incidents may reasonably be expected to materially affect its operations if not effectively prevented or mitigated. MWYN stores its sensitive and operational data on secured internal servers protected by firewall and access control protocols designed to prevent unauthorized access and ensure data integrity. Cybersecurity Governance Board Oversight The Board of Directors maintains oversight of the Company’s cybersecurity risk management practices. MWYN has engaged an external information technology specialist to monitor and assess the Company’s cybersecurity posture. This external service provider is responsible for identifying potential threats, conducting regular system reviews, and reporting material cybersecurity risks or incidents directly to the Board. The Board is informed of relevant cybersecurity developments on an as-needed basis and plays a role in reviewing and approving significant changes to the Company’s cybersecurity strategies. Management’s Role in Cybersecurity Risk Management The Company’s management team is actively involved in overseeing cybersecurity risk in coordination with the external IT specialist. While day-to-day technical operations are managed externally, internal leadership maintains responsibility for the overall risk management framework, including resource allocation, incident response planning, and strategic integration of cybersecurity within broader business operations. Management evaluates the cybersecurity program’s effectiveness periodically and ensures alignment with business continuity and operational risk mitigation objectives. Roles and Expertise Cybersecurity responsibilities are primarily assigned to the Company’s external IT specialist, who brings extensive experience in network security, infrastructure protection, and cybersecurity threat mitigation. The service provider has demonstrated expertise in firewall management, intrusion detection, and incident response protocols. Internally, the Company’s senior leadership team collaborates with the external provider and is responsible for ensuring that cybersecurity risks are effectively integrated into enterprise risk management practices. Although MWYN does not currently employ dedicated internal cybersecurity personnel, it leverages external expertise to support its cybersecurity operations. Cybersecurity Monitoring and Reporting Processes MWYN’s cybersecurity program includes continuous monitoring of its internal IT infrastructure, including its secured servers and firewall systems. The external IT specialist conducts regular system checks, vulnerability assessments, and real-time threat monitoring to detect and respond to potential cybersecurity incidents. In the event of an identified risk or security event, the specialist reports directly to management and, where appropriate, escalates the matter to the Board of Directors. Preventive controls, incident response procedures, and remediation protocols are reviewed and updated periodically to ensure continued protection of the Company’s digital assets. 37

Company Information