enVVeno Medical Corp - (NVNO)
10-K Filing Date: February 29, 2024
The Company’s cybersecurity risks are theft of intellectual property, theft of other business data, fraud or extortion, lack of access to our information systems, harm to employees, harm to business partners, violation of privacy laws, potential reputational risk, and litigation or other legal risk if a cybersecurity incident were to occur. It is difficult to assign a monetary materiality assessment to these risks or to the impact if the Company were to sustain a breach of its systems. Our approach is based on the premise that any cybersecurity incident could result in material harm to the Company.
Our Audit Committee has been designated with oversight responsibility for cybersecurity risks and our Chief Financial Officer is responsible for managing our efforts in this area. Neither the Chief Financial Officer nor any member of the Audit Committee has relevant expertise in cybersecurity. Rather, the Company retains an outside technical expert to support our information technology systems including addressing cybersecurity risks.
We conduct annual assessments of risks posed by cybersecurity threats in conjunction with our insurance renewal cycles. This includes a thorough review of our systems and vulnerabilities. As a result of these assessments, we have implemented tools and practices to proactively monitor our systems and user accounts including, but not limited to, deploying solutions to constantly monitor users accessing systems, implementing two-factor authentication for logins, and improving rules for password maintenance.
Like many companies, we make use of cloud-based solutions provided by several large service providers for critical information technology infrastructure such as email and file storage. We do not maintain stand-alone servers for our email, file storage or other business applications. In the normal course of our relationships with the providers of these services, we regularly monitor their message boards and other formal and informal communications channels for signs of breaches of their systems. We also survey available public information for indications that they have suffered a breach of their systems.
Certain of our business partners also maintain data related to our trials and ongoing product development on servers they maintain. We require these partners to comply with all HIPAA standards for maintaining security of their systems where this data resides.