TurnOnGreen, Inc. - (IMHC)
10-K Filing Date: April 11, 2024
Information Security Program
Our information security organization safeguards the confidentiality, integrity, and availability of our systems, services, and data. We employ skilled security and technology professionals, both internal and external, and continually invest in the resources necessary to adapt and counter evolving cybersecurity threats. Our work is overseen by the Task Force (as defined below) for strategic guidance and accountability.
Cybersecurity Risk Management and Strategy
Our information security program incorporates a robust cybersecurity risk management strategy. This strategy prioritizes continuous improvement and ensures the confidentiality, integrity, and availability of our critical systems, data, and operations.
We leverage industry best practices, including guidance from the National Institute of Standards and Technology (NIST), to identify, assess, and manage cybersecurity risks relevant to our business. While we don't adhere to any specific technical standards or specifications, NIST provides a guide to help us identify, assess, and manage cybersecurity controls and risks relevant to our business.
• Risk Identification: We proactively identify potential threats across our facilities, vendors, operations, systems, and broader IT environment. Threat intelligence, current attack trends, and industry-specific threats inform our risk assessments.
• Risk Evaluation: We conduct regular risk assessments to measure our preparedness against identified threats.
• Actionable Plans: We ensure risk is addressed and track any necessary remediation through an action plan.
While cybersecurity risks are inherent to our industry, we have experienced no material impact on our business strategy, operations, or financial condition to date. We remain vigilant in managing these risks through our comprehensive security program.
Cybersecurity Governance
Management is responsible for the cybersecurity risk management program as well as actions to identify, assess, mitigate, and remediate material issues. The Company’s cybersecurity risk management program is supervised by our Chief Technology Officer (“CTO”), who reports directly to the Company’s Chief Executive Officer. The CTO and his team are responsible for leading cybersecurity strategy, policy, standards, architecture and processes.
Our board of directors has ultimate oversight of, and is charged with, cybersecurity matters and receives reports from the CTO on, among other things, the Company’s cyber risks and threats, the status of projects to strengthen the Company’s information security systems, and the emerging threat landscape. In accordance with our cyber incident response plan, the board of directors is promptly informed by management of cybersecurity incidents with the potential to materially adversely affect the Company or its information systems and is regularly updated about incidents with lesser impact potential. At least annually, the board of directors reviews and discusses the Company’s technology strategy in combination with the Company’s strategic objectives with management.
In an effort to detect and defend against cyber threats, the Company annually provides its employees with various cybersecurity and data protection training programs. These programs cover timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educate employees on the importance of reporting all incidents promptly.