BioNexus Gene Lab Corp - (BGLC)
10-K Filing Date: April 16, 2024
Risk Management and Strategy
Our cybersecurity policies, standards, processes and practices are based on applicable laws and regulations and informed by industry standards and industry-recognized practices. Our strategy to assess, identify, and manage material cybersecurity risks is focused on preserving the confidentiality, security, and availability of our information systems and data. We implement security measures and processes to identify, prevent, and mitigate cybersecurity threats and to effectively respond to cybersecurity incidents when they occur. Our cyber risk management includes: (1) enterprise risk management to identify top cybersecurity risks; (2) vulnerability management to identify software vulnerabilities and risks related to compute infrastructure; (3) vendor risk management to identify risks related to third parties and business partners; (4) privacy risk management to identify privacy risks in our product and platforms and ensure regulatory compliance; and (5) security incident response to investigate, respond to, and mitigate cyber threats. As needed, we will engage third parties to identify risks in our underlying software and infrastructure, to provide threat intelligence, and to assist in triaging, identifying, and responding to cyber threats.
In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents.
Governance
Our Board of Directors maintains oversight of risks from cybersecurity threats. Our Chief Executive Officer is assigned oversight of cybersecurity risks. Our Chief Executive Officer is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the Company is exposed and to implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
29 |