Cardio Diagnostics Holdings, Inc. - (CDIO)

10-K Filing Date: April 01, 2024
Item 1C. Cybersecurity

Risk Management and Strategy

We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and we have integrated these processes into our overall risk management program. We assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.

We have adopted as the governance framework for our cybersecurity program the Service Organization Control Type 2 (SOC2) and the Health Insurance Portability and Accountability Act (HIPAA). We use this framework as a guide to help us identify, assess, respond to, and manage cybersecurity risks relevant to our business. Our cybersecurity risk management program includes:

• periodic risk assessments designed to help identify material cybersecurity risks to our critical systems, information, and our broader enterprise information technology environment;

• skilled information security and data privacy personnel, who support our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents;

• external service providers, where appropriate, to monitor, assess, test, or otherwise assist with aspects of our security controls, and to support risk mitigation efforts;

• training for our employees on cybersecurity awareness and the importance of protecting information assets;

• periodic reviews of key cybersecurity policies, and updating as needed;

• a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and

• a third-party risk management platform used to govern and mitigate the potential risks, including a comprehensive process for service providers, suppliers, and vendors.

We have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.

Governance

Our Board considers cybersecurity risk as part of its risk oversight function. Management expects to keep the Board informed of any material cybersecurity threats and expects to provide a report to the Board on a periodic basis, and the Board will consider and oversee.

Our management team is responsible for assessing and managing our material risks from cybersecurity threats. Our Chief Technology Officer leads a team of information security professionals who have primary responsibility for our overall cybersecurity risk management program and supervises both our internal personnel and our external cybersecurity consultants.

Our management team oversees efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include threat briefings from internal personnel and external service providers, as well as alerts and reports produced by security tools deployed in the information technology environment.

 
