Aclarion, Inc. - (ACON)
10-K Filing Date: March 28, 2024
Risk Management and Strategy
Aclarion is committed to maintaining the highest standards of cybersecurity to protect our systems, data, and operations against potential threats. Our cybersecurity risk management process is comprehensive and integrated into our overall risk management framework, ensuring continuous assessment, identification, and management of cybersecurity threats.
1. Assessment, Identification, and Management of Cybersecurity Threats:
· Aclarion assesses and identifies material risks from cybersecurity threats. Our risk management strategy is designed to adapt to the evolving cybersecurity landscape, ensuring that we stay ahead of potential threats.
· Our cybersecurity risk management processes are integrated into our risk management system, ensuring a holistic approach to identifying and mitigating risks across the organization.
· Aclarion has established protocols to manage and mitigate risks associated with third-party service providers, including continuous monitoring of third-party practices.
· The management team has extensive experience in medical device and software productization, including addressing cybersecurity threats.
2. Impact of Cybersecurity Threats on Business:
· To date, Aclarion has not experienced any material cybersecurity incidents that have significantly impacted our business operations, strategy, or financial condition. We remain vigilant and proactive in our cybersecurity efforts to prevent potential future incidents that could affect our business.
Governance
1. Board of Directors Oversight:
· While we do not have a dedicated committee for cybersecurity, our Board of Directors, supported by executive management, ensures comprehensive oversight of cybersecurity risks and strategies.
2. Management's Role:
· The responsibility for assessing and managing cybersecurity risks at Aclarion is vested in our executive management team, who have significant experience in managing cybersecurity in the medical SaaS industry. This team is tasked with the continuous monitoring and management of cybersecurity threats.
· Our management team is informed about cybersecurity risks through regular updates and incident briefings. They oversee the implementation of preventative, detective, and mitigative measures against potential cybersecurity incidents.
· Executive management reports to the Board of Directors on cybersecurity matters, ensuring a top-down approach to cybersecurity risk management.
Cybersecurity Measures and Compliance
· Aclarion uses leading cloud service providers, ensuring that our data handling and storage practices meet HIPAA and GDPR compliance standards. Business Associate Agreements (BAAs) are in place as required.
· Aclarion enforces strict data encryption protocols for data in transit and at rest, coupled with regular off-line data backups to mitigate the risk of data loss or inaccessibility.
· Aclarion has drafted the Aclarion HIPAA Quality Manual, and its employees are trained to it, for compliance with HIPAA Security Rule 164. Our organization conducts annual HIPAA and GDPR training for all employees to ensure awareness and compliance with data protection regulations.
· Aclarion practices stringent login credential security hygiene across all levels of the organization. All systems with material confidential data, including patient health information (PHI) and/or personally identifiable information (PII), require 2-Factor Authentication (2FA) login credentials.
· Aclarion holds annual cybersecurity reviews involving executive management to evaluate and enhance our cybersecurity posture, ensuring preparedness against evolving threats.
Aclarion is dedicated to maintaining robust cybersecurity measures to protect against potential threats. Our proactive approach to cybersecurity risk management, coupled with our compliance with industry standards and regulations, positions us well to manage and mitigate cybersecurity risks effectively. We remain committed to transparency and continuous improvement in our cybersecurity practices to safeguard our stakeholders' interests.