EvoAir Holdings Inc. 10-K Cybersecurity GRC - 2025-11-12

Page last updated on November 12, 2025

EvoAir Holdings Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-11-12 10:36:47 EST.

Filings

10-K filed on 2025-11-12

EvoAir Holdings Inc. filed a 10-K at 2025-11-12 10:36:47 EST
Accession Number: 0001493152-25-021801

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We identify and assess material risks from cybersecurity threats to our information systems and the information residing in our information systems by monitoring and evaluating our threat environment on an ongoing basis using various methods including, for example, using manual and automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and threat actors, conducting scans of the threat environment, and conducting risk assessments. We manage material risks from cybersecurity threats to our information systems and the information residing in our information systems through various processes and procedures, including, depending on the environment, risk assessment, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, asset management, systems monitoring, and employee training . We engage third-party service providers to provide some of the resources used in our information systems and some third-party service providers have access to information residing in our information systems. With respect to such third parties, we seek to engage reliable, reputable service providers that maintain cybersecurity programs . We are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our Group, including our business strategy, results of operations, or financial condition. Refer to "Item 1A. Risk Factors- Risks Associated with Business and Industry - Unauthorized disclosure, destruction or modification of data, through cybersecurity breaches, computer viruses or otherwise or disruption of our services could expose us to liability, protracted and costly litigation and damage our reputation". Cybersecurity Governance Our Board of Directors holds oversight responsibility over our Group's risk management and strategy, including material risks related to cybersecurity threats. The Board of Directors oversees the management of our Group's major financial risk exposures, the steps management has taken to monitor and control such exposures, and the process by which risk assessment and management is undertaken and handled, which would include cybersecurity risks, in accordance with its charter. The Board of Directors holds regular meetings and receives periodic reports from management regarding risk management, including major financial risk exposures from cybersecurity threats or incidents . Management is responsible for assessing and managing our material risks from cybersecurity threats on a day-to-day basis and keep the Board of Directors informed on a regular basis of the identification, assessment, and management of cybersecurity risks and of any cybersecurity incidents . As of the date hereof, the Company has not encountered cybersecurity incidents that the company believes to have been material to the Company taken as a whole.

Company Information