AWARE INC /MA/ 10-K Item 1C. Cybersecurity - 2026-03-06
AWARE INC /MA/ disclosed their cybersecurity strategy, risk management and governance process in an annual SEC Filing 10-K filing on 2026-03-06 16:00:53 EST
Company Summary
Aware, Inc. is a biometric identification company that develops and sells biometric software, platforms, SDKs and services for enrollment, identification, authentication and identity lifecycle management to government and commercial customers.
Filings
10-K filed on 2026-03-06
AWARE INC /MA/ filed an SEC Filing 10-K filing on 2026-03-06 16:00:53 EST.
Accession Number: 0001193125-26-096448
Item 1C. Cybersecurity
Item 1C - Cybersecurity
ITEM 1C. CYBERSECUrItY
Cybersecurity Risk Management and Strategy
To help protect the Company from a major cybersecurity incident that could have a material impact on operations or the Company's financial results, the Company has implemented policies, programs and controls, including technology investments that focus on cybersecurity incident prevention, identification and mitigation. The steps the Company takes to reduce its vulnerability to cyberattacks and to mitigate impacts from cybersecurity incidents include, but are not limited to: establishing information security policies and standards, implementing information protection processes and technologies, monitoring its information technology systems for cybersecurity threats, assessing cybersecurity risk profiles of key third-parties, implementing cybersecurity training and collaborating with public and private organizations on cyber threat information and best practices.
The Company has implemented a Cybersecurity Policy (the "Policy") that provides a framework for responding to cybersecurity incidents. The Policy includes requirements for incident disclosure and reporting, protocols for incident evaluation, including the use of third-party service providers and partners, and processes for notification and internal escalation of information to the Company's senior management, incident response team, and Board of Directors (the "Board") and appropriate Board committees. The Policy also addresses requirements for the Company's external reporting obligations. The Policy is reviewed and updated, as necessary but no less frequently than once a year, under the leadership of the Company's Chief Security Officer ("CSO").
Although the Company did not experience a material cybersecurity incident during the year ended December 31, 2025, the scope and impact of any future incident cannot be predicted. See "Item 1A. Risk Factors" for more information on the Company's cybersecurity-related risks.
Governance
The Board of Directors, primarily through its Audit Committee, oversees the Company's cybersecurity program. Management regularly reports to the Audit Committee on the current state of the Company's cybersecurity program, including the current threat landscape, cybersecurity risks, and any significant incidents. The Audit Committee may provide updates to the Board on the substance of these reports and any recommendations for improvements that the Audit Committee deems appropriate.
At the management level, the Company has established written policies and procedures to ensure that significant cybersecurity incidents are immediately investigated, addressed through the coordination of various internal departments, and publicly reported, to the extent required by applicable law.
Company
Profile
| Name | AWARE INC /MA/ |
|---|---|
| CIK | 1015739 |
| SIC Description | |
| Industry | |
| Ticker | AWRE |
| Website | |
| Category | Non-accelerated Filer |
| Fiscal Year End | December 31 |