Accredited Solutions, Inc. - (ASII)

10-K Filing Date: July 16, 2024
Item 1C. Cybersecurity.

 

We use, store and process data for and about our customers, employees, partners and suppliers. We have not yet implemented a formal cybersecurity risk management program designed to identify, assess and mitigate risks from cybersecurity threats to this data, our systems and business operations. We intend to implement a cybersecurity risk management program before the end of 2024.

 

Cyber Risk Management and Strategy

 

Under the oversight of the Board of Directors (since we do not currently have an Audit Committee), we intend to implement and maintain a risk management program that includes processes for the systematic identification, assessment, management, and treatment of cybersecurity risks. Our cybersecurity oversight and operational processes would be integrated into our overall risk management processes. We intend to implement a risk-based approach to the management of cyber threats, supported by cybersecurity technologies, including automated tools, designed to monitor, identify and address cybersecurity risks. In support of this approach, it is expected that we would have a third-party security consultant implement processes to assess, identify and manage security risks to our company, including in the pillar areas of security and compliance, application security, infrastructure security and data privacy. This process, once implemented, would include regular compliance and critical system access reviews. In addition, we intend to conduct application security assessments, vulnerability management, penetration testing, security audits and ongoing risk assessments as part of our risk management process.

 

We expect to utilize third parties and consultants to assist in the identification and assessment of risks, including to support tabletop exercises and to conduct security testing. We intend to utilize well-known cloud-based technologies and service providers, such as Amazon AWS, Microsoft Office, and Google enterprise to provide protection against cybersecurity threats.

 

Further, we intend to put processes in place that would evaluate potential risks from cybersecurity threats associated with our use of third-party service providers that would have access to our data, including a review process for such providers’ cybersecurity practices, risk assessments, contractual requirement and system monitoring.

 

Part of our intended program would be ongoing evaluation and enhancement of our systems, controls and processes where possible, including in response to actual or perceived threats specific to us or experienced by other companies.

 

Risks from cybersecurity threats have, to date, not materially affected us, our business strategy, results of operations or financial condition.