Yubo International Biotech Ltd - (YBGJ)
10-K Filing Date: April 12, 2024
Risk Management and Strategy
We are a holding company. Yubo Beijing has implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to its critical computer networks, third-party hosted services, communications systems, hardware and software, and its critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and trade secrets, data related to its stem cell bank and customers of its light application products and health related services (collectively, the “Information Systems and Data”).
The cybersecurity function within Yubo Beijing helps identify, assess and manage its cybersecurity threats and risks. The cybersecurity function identifies and assesses risks from cybersecurity threats by monitoring and evaluating the threat environment using various methods including, for example manual tools, internal or external audits, automated tools, subscribing to and analyzing reports and services that identify cybersecurity threats and threat actors, conducting vulnerability assessments to identify vulnerabilities, conducting scans of the threat environment, and evaluating threats reported to management. Yubo Beijing implements and maintains various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to the Information Systems and Data, including, for example: an incident response policy, incident detection and response, data encryption, network security controls, system monitoring, penetration testing, employee training, a dedicated cybersecurity staff member, and physical security mechanisms.
Yubo Beijing’s assessment and management of material risks from cybersecurity threats are integrated into its overall risk management processes. For example, the cybersecurity function works with management to prioritize the risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to its business.
Yubo Beijing uses third-party service providers to assist it from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example cybersecurity software providers, managed cybersecurity service providers, and penetration testing firms. Yubo Beijing also uses third-party service providers to perform a variety of functions throughout its business, such as application providers and hosting companies. Yubo Beijing manages cybersecurity risks associated with its use of these providers by reviewing their security assessments and applicable reports.
Cybersecurity Governance
Our Board considers cybersecurity risk as part of its risk oversight function and is responsible for overseeing the cybersecurity and other information technology risks. Our board also oversees Yubo Beijing’s management’s implementation of the cybersecurity risk management program.
The Board receives periodical reports from Yubo Beijing’s management on cybersecurity risks. In addition, Yubo Beijing’s management updates the Board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.
The Board also receives briefings from Yubo Beijing’s management on the cyber risk management program. Board members receive presentations on cybersecurity topics certain Yubo Beijing’s management, internal security staff or external experts as part of the Board’s continuing education on topics that impact public companies.
Yubo Beijing’s management team is responsible for assessing and managing the material risks from cybersecurity threats. The team has primary responsibility for its overall cybersecurity risk management program and supervises both its internal cybersecurity personnel and its retained external cybersecurity consultants. Yubo Beijing’s management team’s experience includes decades of managing public pharmaceutical companies, including their related information technology and cybersecurity risk management programs.
31 |
Yubo Beijing’s management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by Yubo Beijing; and alerts and reports produced by security tools deployed in the IT environment.