Crown Electrokinetics Corp. - (CRKN)

10-K Filing Date: April 01, 2024
ITEM 1C. CYBERSECURITY

 

Risk Management and Strategy

 

We rely heavily on our information technology (IT) systems across various aspects of our operations, from product development to customer relations. Given the innovative nature of our business, particularly in the realms of smart glass and fiber optics, ensuring the security, integrity, and availability of data is paramount. We operate in an environment where the protection of intellectual property and sensitive data, including proprietary technology information and customer data, is critical. We are therefore committed to a comprehensive cybersecurity strategy that encompasses not only compliance with relevant privacy laws but also proactive risk management.

 

Our cybersecurity framework is overseen its Information Technology (IT) Team. The IT team is geared towards developing and refining a risk-informed decision-making process, emphasizing the early identification and mitigation of cybersecurity risks. The Software Engineer leads the charge in implementing a cybersecurity risk management program, employing a mix of technological tools, rigorous processes, and external assessments to safeguard the our assets. Regular training programs, including those focused on phishing and secure data handling, are mandatory for all employees, reinforcing the culture of cybersecurity awareness.

 

Despite robust security measures, we acknowledge the possibility of cyber threats breaching its defenses. To this end, we have policies and plans, that ensures a swift and effective response to cybersecurity incidents. This includes a structured procedure for incident detection, analysis, containment, and recovery, underscored by the Software Engineer for material incident evaluation and communication.

 

Given the integration of third-party services within our operational framework, we extend our cybersecurity vigilance to our partners and suppliers. This includes contractual safeguards and continuous monitoring to manage and mitigate risks presented by external entities.

 

Governance

 

Board’s Roles and Responsibilities

 

The governance of cybersecurity within our is structured to ensure a clear delineation of oversight responsibilities. The Board of Directors, particularly through its Audit Committee, plays a crucial role in supervising our cybersecurity posture. The Audit Committee is composed of individuals with deep expertise in risk management, finance, and technology, enabling it to provide informed oversight of cybersecurity risks. Periodic briefings that are held ensures that the Board of Directors remains actively engaged in guiding and evaluating our cybersecurity strategy.

 

Management’s Roles and Responsibilities

 

Operational responsibility for cybersecurity falls to the management, led by the IT department. The management team is tasked with executing our cybersecurity strategy, focusing on risk assessment, incident prevention, and response. This includes conducting vulnerability assessments, ensuring continuous monitoring, and staying updated on cybersecurity trends and threats. The Software Engineer, with extensive experience in information security, works in close coordination with other key management roles to ensure a unified approach to cybersecurity across our company.

 

Our approach to cybersecurity is integral to its operations, reflecting a commitment to safeguarding its innovative technologies and sensitive data. Through a combination of strategic oversight by the Board of Directors and diligent execution by management, we aim to uphold the highest standards of cybersecurity resilience and integrity.

 

33