Page last updated on November 6, 2025
DevvStream Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-11-05 21:02:26 EST.
Filings
10-K filed on 2025-11-05
DevvStream Corp. filed a 10-K at 2025-11-05 21:02:26 EST
Accession Number: 0001140361-25-040617
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy Our management recognizes the impact that cybersecurity threats could have on our business operations, our compliance with regulations and our reputation. We have identified cybersecurity as a critical business risk as part of our overall risk management strategy , which our board of directors oversees. We have implemented an information security management system in accordance with our risk profile and business that is designed to protect the Company, our employees, and our shareholders from cybersecurity threats. We have also developed an incident response policy and procedure designed to facilitate the handling of cybersecurity incidents. Our cybersecurity risk management program seeks to proactively identify, assess, and mitigate risks from cybersecurity threats. Key components include informal self-assessments, third-party managed security services, malware protection, and network security controls. We also maintain a cyber insurance policy that provides coverage for certain costs and liabilities associated with cybersecurity incidents, including data breaches and network interruptions; however, such insurance may not be sufficient to cover all losses in every circumstance. We take a risk-based approach to the evaluation and oversight of third-party vendors with access to Company systems or data. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time-to-time experienced threats and cybersecurity incidents that could affect our information or systems. For more information, see Item 1A. Risk Factors. Governance Oversight of Cybersecurity Risk Management Oversight of cybersecurity risk is the responsibility of the Board of Directors as part of its broader role in overseeing the Company's enterprise risk management framework. The Board receives periodic updates from management regarding cybersecurity matters, including the Company's information security program, risk assessments, and incident response preparedness. The Board delegates certain aspects of enterprise risk oversight to its committees as appropriate; however, cybersecurity risk management is primarily monitored at the full Board level. The Board regularly reviews management's assessment of cybersecurity risks, key controls in place to mitigate those risks, and the Company's overall cyber readiness. Management is responsible for implementing and maintaining the Company's cybersecurity policies, programs, and controls, and for reporting to the Board on material developments and significant incidents. Updates to the Board occur at least annually and more frequently as needed in the event of notable changes in the threat environment or incidents requiring attention.
Company Information
| Name | DevvStream Corp. |
| CIK | 0001854480 |
| SIC Description | Investors, NEC |
| Ticker | DEVS - Nasdaq |
| Website | |
| Category | Emerging growth company |
| Fiscal Year End | July 30 |