KORU Medical Systems, Inc. - (KRMD)

10-K Filing Date: March 13, 2024
ITEM 1C. CYBERSECURITY

 

Management has responsibility for developing and coordinating the Company’s cybersecurity policy and strategy, and for managing the prevention, detection, mitigation and remediation of cybersecurity incidents. We utilize various risk assessment tools and technologies to identify potential cyber and information security threats and risks, including engaging a third-party information technology services provider to perform risk evaluation and testing. In addition, the Company is in the process of implementing a program for all team members to participate in ongoing training and awareness programs that include periodic assessments to drive adoption and awareness of cybersecurity processes and controls.

 

We promote a company-wide culture of cybersecurity risk management intended to protect the confidentiality, integrity, and availability of our critical systems and the information contained therein. No risks from cybersecurity threats or previous cybersecurity incidents have materially affected, or are reasonably likely to materially affect, our business strategy, financial condition or results of operations. However, there can be no assurance that the controls and procedures in place to monitor and mitigate the risks of cyber threats will be successful or sufficient to avoid material losses or consequences in the future. Additionally, while we have insurance coverage in place that is designed to address certain aspects of cyber risks, such insurance coverage may be insufficient to cover all insured losses or all types of claims that may arise.

 

Our Board of Directors, as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated risk management responsibilities, including but not limited to cybersecurity risk, to the Nominating and Governance Committee. Specifically, the Nominating and Governance Committee periodically reviews our cybersecurity policies, data security programs and plans that management has established to monitor compliance and assess preparedness.