Item 1C. Cybersecurity

 

Description of Processes for Assessing, Identifying, and Managing Cybersecurity Risks

 

In the normal course of business, we may collect and store certain sensitive company information, including proprietary and confidential business information, trade secrets, intellectual property, sensitive third-party information and employee information. Our access control policies are based on the principle of least privilege, limiting user access strictly to what is required for their roles. Additionally, we have general measures to identify potential threat actors, including the implementation of two-step verification processes to confirm the identity of all counterparties.

 

Impact of Risks from Cybersecurity Threats

 

As of the date hereof, the Company and our service providers have not experienced cybersecurity incidents, and we are not aware of any previous cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company. However, we acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. our security measures cannot guarantee that a significant cyberattack will not occur. A successful attack on our information technology systems could have significant consequences to our business. These measures cannot provide absolute security. No security measure is infallible. See “Risk Factors - Unauthorized disclosure, destruction or modification of data, including personal information, through cybersecurity breaches, computer viruses or otherwise or disruption of our services could expose us to liability, protracted and costly litigation and damage our reputation.” for additional information about the risks to our business associated with a breach or compromise to our systems.

 

Board of Directors’ Oversight and Management’s Role

 

Our Board is ultimately responsible for overseeing cybersecurity, information security, and information technology risks, as well as management’s actions to identify, assess, mitigate, and remediate those risks. On an annual basis, the Board reviews and discusses with management the Company’s policies, procedures and practices with respect to cybersecurity, information security and information and operational technology, including related risks. In addition, our director Dr. Yuanyuan Huang regularly briefs senior management and the Board of Directors on cybersecurity issues as part of our overall enterprise risk management program, which may include information regarding our exposure to privacy and cybersecurity risks deemed to have a moderate or higher business impact, even if immaterial to us. Dr. Yuanyuan Huang is responsible for implementing cybersecurity policies, programs, procedures, and strategies. Dr. Huang is experienced and qualified because of his education and working experience in related fields.