Avinger Inc - (AVGR)
10-K Filing Date: March 20, 2024
Risk Management and Strategy
Because it is essential to our operations and business strategy that our website, technology and network infrastructure remain secure, we have processes in place for assessing, identifying, and managing material risks from cybersecurity threats. We have integrated these processes into our cybersecurity risk management program.
The key processes, or components, of our cybersecurity risk management include:
| ● | conducting periodic risk assessments to assist in identifying cybersecurity threats or risks; |
| ● | cybersecurity strategic roadmap; |
| ● | security and IT infrastructure management team, responsible for managing our cybersecurity processes, implementing security applications and protocols, monitoring and executing security or network controls, and responding to incidents or threats; |
| ● | cybersecurity training programs and cybersecurity awareness events for employees; |
| ● | incident response plan, including assessing and monitoring potential cyber threats; |
| ● | similar processes or applications to mitigate or manage cybersecurity risk from third-party service providers; |
We sometimes engage external cybersecurity experts, or applications, to enhance our cybersecurity program. These serve to assist our internal cybersecurity team in mitigating cyber threats, in addition to monitoring and responding to potential cyber incidents.
Additional information regarding risks from cybersecurity threats is discussed in Part I, Item IA, “Risk Factors,” under the heading “If our technology infrastructure is compromised, damaged or interrupted by a cybersecurity incident, data security breach or other security problems, our operating results and financial condition could be adversely affected,” which should be read in conjunction with the information herein.
Governance
Cybersecurity risk management is an important priority integrated into our overall governance structure. Our Board of Directors oversees risks from cybersecurity threats and includes the involvement of the Audit Committee in the governance strategy.
Our IT security management team, led by certain key functional leaders in our organization, who reports quarterly in meetings to our Audit Committee and periodically to our Board of Directors regarding updates to our cybersecurity program and related risks. Topics in the meetings include discussion of the company-wide risks, protocols to mitigate such risks, and the progress of initiatives in the cybersecurity program. Specific cybersecurity briefing areas may include topics such as security, infrastructure, cybersecurity tooling/applications, and compliance.