Omega Flex, Inc. - (OFLX)

10-K Filing Date: March 11, 2024
Item 1C – CYBERSECURITY

 

Our IT networks and related systems are critical to the operation of our business and essential to our ability to successfully perform day-to-day operations. We have implemented security measures and controls to mitigate risks to our IT networks and related systems, including the risks of disruption, release of confidential information, and corruption of data. This includes a variety of technological tools and systems, including both company-owned IT and technology services provided by outside parties to support our critical functions, and in particular, the following:

 

External port penetration testing;
Security violation report reviewed routinely for any abnormalities;
Ongoing employee training and testing on cyber risks;
Site assessment, procedural review and testing in connection with cyber insurance renewals; and

Routine server back-up.

 

In terms of governance, the Company employs an IT director, with over 20 years of relevant experience, who supervises our other IT employees and is also responsible for our outside technology services. Our IT director reports directly to our President and reviews cybersecurity assessments with our President on at least a monthly basis. Our President is responsible for escalating any cybersecurity matters as appropriate, in consultation with our General Counsel. Our Board of Directors is ultimately responsible for oversight of cybersecurity risk management and receives regular reports from, and engages in regular dialogue with, Company management.

 

While we believe we have implemented appropriate measures and controls for our business, there can of course be no assurance that cyber incidents will be prevented or of their severity if they occur. To date, to our knowledge, there have been no incidents materially affecting the Company, but a material incident could result in disruption of critical IT networks and systems, impeding our operations, release of confidential information, and/or corruption of data. Such an incident could damage our reputation and brand and our future sales and could expose us to potential liability. See Item 1A. Risk Factors - A cyber security incident or other technology disruption could harm us.