UTAH MEDICAL PRODUCTS INC - (UTMD)

10-K Filing Date: March 26, 2024
ITEM 1C - CYBERSECURITY

 

Risk Management and Strategy

 

The Company considers cybersecurity to be an important part of its overall business strategy and risk management. UTMD continuously monitors its information systems to assess, identify and manage risks from both inside and outside forces. Functional modules are fully-integrated, which provides for transaction checks and balances. Software systems have been validated for effectiveness of intended uses. Policies and procedures have been implemented which all employees acknowledge in writing, and agree to follow as a condition of employment. Access is documented and controlled by business function. Regular employee user training is conducted to promote awareness of outside threats and the importance of following procedures.

 

UTMD utilizes state-of-art cybersecurity devices and software to timely identify and prevent intrusion from external actors. The corporate information systems operations manager continuously monitors activity, and reports weekly to the CEO. Additional sources for assessing security effectiveness are annual outside audits of the information technology environment, risk and performance assessments provided by vendors of the routers and firewalls used by the Company and the news media.

 

There have been no events in at least the last thirty years that have been considered material enough to warrant changes to systems, processes or controls.

 

Governance

 

The Governance Committee of the Board of Directors maintains overall responsibility to oversee and assess the effectiveness of the Company’s cybersecurity strategy. The Board meets quarterly and any potential threats are reviewed and discussed at that time, unless the information systems team and/or the CEO decide earlier notification is warranted.