ADM TRONICS UNLIMITED, INC. - (ADMT)

10-K Filing Date: July 15, 2024

ITEM 1C. CYBERSECURITY

 

Risk management and strategy

 

We rely on our information technology to operate our business. We have policies and processes designed to protect our information technology systems, some of which are managed by third parties, and resolve issues in a timely manner in the event of a cybersecurity threat or incident.

 

Due to our highly regulated stature for medical device development and manufacture, we have been practicing cybersecurity for a long time. We are ISO-13485 Certified for medical device manufacturing. Elements of that certification include risk management. And we are knowledgeable about ISO-27001. We have an engineer responsible for the security of our computers, network, etc.

 

We have robust firewalls for all access points. We have top line anti-virus on all computers and networks. We have prioritized the risks to protect our networks. To protect our departments we have implemented an architecture of a separate network for administration and one for engineering. This gives redundancy and protection. There is onsite as well as offsite backup as well as a separation of WiFi for visitors to prevent access to our network.

 

A plan is in place to restore our networks if attacked by both our on-site backup and, if needed the off-site backup. We have very complex software for our engineering. We also have a robust accounting ERP software. These are regularly maintained and updated.

 

We have an independent consultant who is a cybersecurity expert who has advised us on the above systems and procedures.

 

We have not encountered cybersecurity threats or incidents that have had a material impact on our business.

 

Governance

 

Our committee for the review and implementation of cybersecurity policies and procedures are made up of the CEO, CSO and VP of Regulatory and through the CEO, provides an update to the Board of Directors on any risks related to cybersecurity on a quarterly basis. Our incident response plan includes notifying the Board of Directors of any material threats or incidents that arise.