CARLSMED, INC. 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 25, 2026

CARLSMED, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 16:09:56 EST.

Filings

10-K filed on 2026-02-25

CARLSMED, INC. filed a 10-K at 2026-02-25 16:09:56 EST
Accession Number: 0001193125-26-071551


Item 1C. Cybersecurity.

Risk Management and Strategy

We have established processes designed to identify, assess, and manage risks from cybersecurity threats that could affect our information systems, products, operations, or sensitive data. These processes are integrated into our broader enterprise risk management framework and are intended to help protect the confidentiality, integrity, and availability of our information assets.

Our cybersecurity risk management program includes, among other things, risk assessments, employee training, incident response planning, and the use of technical safeguards designed to prevent, detect, and respond to cybersecurity incidents. We also engage third-party service providers to support certain aspects of our information technology infrastructure and evaluate cybersecurity risks associated with such third parties as part of our vendor management processes.

We design our cybersecurity and data protection practices to support compliance with applicable data protection regulations. Our information security program is aligned with recognized industry standards and frameworks, including ISO/IEC 27001, which informs our policies, procedures, and controls for managing information security risks. We are in the process of implementing additional controls and documentation as part of an effort to achieve ISO/IEC 27001 certification; however, we cannot provide assurance regarding the timing or outcome of such certification efforts.

We face cybersecurity risks common to companies in our industry, including risks related to unauthorized access to proprietary information, patient or customer data, intellectual property, and disruptions to business operations. While we believe our processes are designed to reduce cybersecurity risks, compliance with regulatory requirements and alignment with industry standards do not eliminate these risks, and we may not be able to anticipate or prevent all cybersecurity incidents.

Governance

Management is responsible for the day-to-day oversight and implementation of our cybersecurity risk management processes. This oversight is led by the office of Chief Technology Officer (CTO) and the members of the information technology and security functions, who have relevant experience managing information security and technology risks. These individuals coordinate cybersecurity efforts across the organization, including incident response planning, risk assessments, and employee awareness initiatives, and report relevant matters to senior management and the Board as appropriate.

Our Board of Directors is responsible for overseeing our risk management processes and has delegated to the audit committee of our Board of Directors (the "Audit Committee") oversight of management's implementation of our cybersecurity risk management policies, strategies and mitigation measures. The Audit Committee receives periodic updates from management regarding cybersecurity risks, incidents (if any), and mitigation efforts.

Cybersecurity Incidents

As of the date of this Annual Report, we have not identified any cybersecurity incidents that have materially affected, or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, we cannot provide assurance that future cybersecurity incidents will not have a material impact on the Company.


Company Information

Name: CARLSMED, INC.
CIK: 0001794546
SIC Description: Surgical & Medical Instruments & Apparatus
Ticker: CARL - Nasdaq
Website
Category
Emerging growth company
Fiscal Year End: December 31