Heart Test Laboratories, Inc. - (HSCS)
10-K Filing Date: July 29, 2024
Risk Management and Strategy
We utilize a combination of manual processes, specialized software and automated tools, and third-party assessments to assist with our cybersecurity efforts. We engage third-party service providers, with significant information technology and cybersecurity experience, to assist with designing, implementing and managing our information technology infrastructure and cybersecurity program. We consider the cybersecurity practices of our third-party service providers, including through a general security assessment and contractual requirements, as appropriate, before engaging them in order to help protect us from any related vulnerabilities.
Governance
Our third party service provider, alongside our senior management leads the operational oversight of the company-wide cybersecurity strategy, policy, standards and processes. As a smaller reporting Company, we do not have an employee who has significant and demonstrated professional IT management experience and possesses the requisite education, skills and experience expected to perform such a duty. The audit committee of the board of directors intends to provide oversight of our cybersecurity risk as part of its periodic review of enterprise risk management. Additionally, the board of directors intends to review our enterprise risk management processes and will be notified by management between management updates regarding significant new cybersecurity threats or incidents.
As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. No matter how well designed or implemented our internal controls are, we will not be able to
63
anticipate all cybersecurity threats, and we may not be able to implement effective preventive or detective measures against such security breaches in a timely manner. While we maintain insurance that may cover certain liabilities in connection with certain disruptions, security breaches, and incidents, there can be no guarantee that our insurance coverage will be adequate to compensate us for the potential losses.