OneMedNet Corp - (ONMD)
10-K Filing Date: April 09, 2024
OneMedNet manages cybersecurity and data protection through a continuously evolving framework. The framework allows us to identify, assess and mitigate the risks we face, and assists us in establishing policies and safeguards to protect our systems and the information of those we serve. Our cybersecurity program is managed by our Director Product Management, Head of Data. The Audit Committee of the Board of Directors has oversight of our cybersecurity program and is responsible for reviewing and assessing the Company’s cybersecurity and data protection policies, procedures and resource commitment, including key risk areas and mitigation strategies. As part of this process, the Audit Committee receives regular updates from the Director Product Management, Head of Data on critical issues related to our information security risks, cybersecurity strategy, supplier risk and business continuity capabilities. The Company’s framework includes an incident management and response program that continuously monitors the Company’s information systems for vulnerabilities, threats and incidents; manages and takes action to contain incidents that occur; remediates vulnerabilities; and communicates the details of threats and incidents to management, including the Director Product Management, Head of Data, as deemed necessary or appropriate. Pursuant to the Company’s incident response plan, any incidents are to be reported to the Audit Committee, appropriate government agencies and other authorities, as deemed necessary or appropriate, considering the actual or potential impact, significance and scope.
We employ an array of data security technologies, processes, and methods across our infrastructure to protect systems and sensitive information from unauthorized access. OneMedNet maintains comprehensive identity and access management practices (e.g., roles and access privileges for each user, multi-factor authentication, privileged user accounts, single sign-on, user lifecycle management) and employs a variety of security information and event management tools. We developed, maintain and utilize a global integrated information security framework to guide our practices, based on relevant industry frameworks and laws, including, but not limited to, NIST, GxP, HITRUST, the ISO 27000 family, COBIT, GDPR, and HIPAA.
The framework consists of policies, standards, procedures, work instructions and documentation. Information is classified into four categories to help individuals apply the right level of controls and safeguards to information, applications and systems. Our cybersecurity program focuses on all areas of our business, including cloud-based environments, data centers, devices used by employees and contractors, facilities, networks, applications, vendors, disaster recovery / business continuity and controls and safeguards enabled through business processes and tools. We continuously monitor for threats and unauthorized access.
We draw on the knowledge and insight of external cybersecurity experts and vendors, and internally employ dedicated, certified cybersecurity staff, holding certifications such as, but not limited to, CISSP, CISM, CISA, CSSP or other equivalent certifications, who leverage an array of third-party tools to secure OneMedNet information infrastructure and protect systems and information from unauthorized access. Non-technical safeguards also play an important role in our cybersecurity program. We provide various training programs and tools to employees so they can avoid risky practices and help us promptly identify potential or actual issues. We also have global incident response procedures, global service tools to log incidents and issues for investigation, and an ethics line to report concerns and follow up on matters already reported. The Compliance team, led by our Chief Compliance Officer, develops and implements our strategy, as well as monitors systems and devices for risks and threats.