OPGEN INC 10-K Cybersecurity GRC - 2025-08-21

Page last updated on August 21, 2025

OPGEN INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-08-21 17:27:21 EDT.

Filings

10-K filed on 2025-08-21

OPGEN INC filed a 10-K at 2025-08-21 17:27:21 EDT
Accession Number: 0001829126-25-006628

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Under the direction of AEI Capital Ltd., the Company has strategically repositioned itself and established a wholly-owned subsidiary, CapForce , which has launched a new business offering listing sponsorship and consultancy services to international companies seeking to list their securities on securities exchanges. Additionally, CapForce contemplates entering the financial technology industry with a focus on developing and supporting advanced digital investment banking activities, cross-border securities trading, advanced computational model-enabled investment banking advisory, asset management services, and FinTech-enabled capital table management. As part of this plan, risk management processes have been implemented to manage the risks associated with reliance on vendors, critical service providers, and other third-parties that may lead to a service disruption or an adverse cybersecurity incident. This includes an assessment of vendors during the selection/onboarding process and a review of SOC 1 reports on an annual basis and other relevant security attestations, where applicable. 17 In addition, CapForce will be maintaining policies over areas such as information security, access on/offboarding, and access and account management, to help govern the processes put in place by management designed to protect our IT assets, data, and services from threats and vulnerabilities. CapForce partners with industry recognized IT providers, leveraging third-party technology and expertise. These third-party service providers are a key part of CapForce’s current cybersecurity risk management and provide services including, maintenance of an IT assets inventory, periodic vulnerability scanning, identity access management controls including restricted access of privileged accounts, network integrity safeguarded by employing web-based software, including endpoint protection, endpoint detection and response, and remote monitoring management on all devices, industry-standard encryption protocols and critical data backups. Our outsourced information technology consultants conduct proactive patching and monitoring of all of our existing systems and have implemented systems and procedures to mitigate cybersecurity risks that we believe are appropriate for a company of our size, stage of growth and financial condition. In addition, we carry insurance with coverage for cyber events that we believe is suitable for a company of our size, stage of growth and financial condition. Governance Management is responsible for the day-to-day management of the risks we face, while our Board of Directors and Audit Committee has responsibility for the oversight of risk management, including risks from cybersecurity threats. In its risk oversight role, our Board of Directors has the responsibility to satisfy itself that the risk management processes designed and implemented by management are appropriate and functioning as designed. The Board of Directors has delegated to the Audit Committee of the Board of Directors the responsibility for the oversight of information technology, including cybersecurity risks. Members of management assigned with cybersecurity oversight responsibility and/or third-party consultants providing cyber risk services brief the Audit Committee on cyber vulnerabilities identified through the risk management process, emerging threat landscape and new cyber risks, and provide updates on our processes to prevent, detect, and mitigate cybersecurity incidents. We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of a cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of our business. We proactively seek to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and we work to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to service delivery; however, potential vulnerabilities to known or unknown threats will remain. As of the date of this Annual Report, we are not aware of any cybersecurity threats, and have not experienced any cybersecurity incidents, that have materially affected us, including our business strategy, results of operations or financial condition. For additional information concerning risks related to cybersecurity, see Item 1A. Risk Factors: Security breaches, loss of data and other disruptions could compromise sensitive information related to our business or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation.

Company Information