Strata Critical Medical, Inc. 10-K Cybersecurity GRC - 2026-03-03

Page last updated on March 3, 2026

Strata Critical Medical, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-03 11:52:26 EST.

Filings

10-K filed on 2026-03-03

Strata Critical Medical, Inc. filed a 10-K at 2026-03-03 11:52:26 EST
Accession Number: 0001628280-26-013628

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Strata's cybersecurity risk management processes are integrated into our broader enterprise risk management framework. We have established comprehensive processes for assessing, identifying, and managing material risks from cybersecurity threats, which include regular threat assessments, vulnerability scanning, penetration testing, and continuous monitoring of our information systems and infrastructure. We engage leading cybersecurity consulting firms and independent third-party assessors to evaluate our security posture, conduct specialized security assessments, and perform regular audits of our cybersecurity controls and practices. These engagements provide external validation of our security measures and help identify areas for improvement. We maintain formal processes to oversee and identify cybersecurity risks associated with our use of third-party service providers. This includes conducting security assessments of third-party vendors prior to engagement, requiring contractual security obligations, performing ongoing security reviews, and implementing continuous monitoring to identify and mitigate potential cybersecurity risks in our vendor relationships. We require key third-party service providers to maintain appropriate security certifications and comply with our security standards. The Company maintains multiple layers of safeguards to protect its information systems and data, including technical controls, employee cybersecurity awareness training, incident response procedures and regular exercises, cybersecurity insurance coverage, disaster recovery capabilities, and business continuity plans. We utilize third-party cybersecurity monitoring and threat detection services to identify and respond to potential threats in real-time, helping to minimize potential disruption to our business and operations. To date, the Company has not experienced any cybersecurity incidents that have materially affected the Company's business strategy, results of operations, or financial condition. While we face cybersecurity threats common to companies in the healthcare services industry, including risks related to ransomware, phishing attempts, and potential unauthorized access to systems containing protected health information, we believe that our cybersecurity risk management processes and controls are adequate to address these threats. Based on our current assessment, we do not believe that risks from cybersecurity threats are reasonably likely to materially affect the Company's business strategy, results of operations, or financial condition. However, cybersecurity threats continue to evolve, and there can be no assurance that future cybersecurity incidents will not have a material adverse effect on our business. For additional discussion of cybersecurity risks, see Item 1A. Risk Factors "-Risks Related to Intellectual Property, Cybersecurity, Information Technology and Data Management Practices" in this Annual Report. Governance The Board of Directors has delegated primary responsibility for cybersecurity risk oversight to the Audit Committee, which conducts quarterly reviews of the Company's cybersecurity posture. The Audit Committee receives regular reports from management regarding cybersecurity risks, incidents, and the effectiveness of our cybersecurity program. The full Board is informed about cybersecurity matters through Audit Committee reports and receives updates on material cybersecurity risks and incidents as they arise. At the management level, the Vice President of Technology has primary responsibility for overseeing the Company's cybersecurity program. They have over 20 years of experience in senior technology leadership roles and oversees IT infrastructure, application development, security compliance, and technology initiatives across the organization. Day-to-day management of our cybersecurity program is led by the Director of Cybersecurity, who reports to the VP of Technology and is responsible for implementing security controls, managing incident response, and coordinating with third-party security providers. The cybersecurity leadership team meets regularly to review threat intelligence, assess vulnerabilities, evaluate security incidents, and monitor compliance with security policies and procedures. These meetings include review of security metrics, incident reports, remediation status, and emerging threats relevant to the healthcare industry. The VP of Technology and Co-CEO provide regular updates to the Audit Committee on cybersecurity matters, including significant security incidents, changes to the threat landscape, and the status of key security initiatives. This reporting structure ensures that cybersecurity risks and incidents are escalated appropriately and that the Board maintains effective oversight of the Company's cybersecurity program.

Company Information