Item 1C. CYBERSECURITY RISK MANAGEMENT, STRATEGY AND GOVERNANCE

 

Risk Management and Strategy

 

We have implemented a cybersecurity process that is designed to assess, identify, manage and govern material risks from cybersecurity threats and requires a firewall for outside connections. We operate a closed server in a locked room and regularly examine cybersecurity threats that could compromise our information system’s security or data and otherwise maintain our cybersecurity policies and procedures in accordance with industry standard control frameworks and applicable regulations, laws, and standards.

 

We regularly check and improve our security measures and educate our employees about such measures with the help of our information technology (IT) team. Key personnel are made aware of our cybersecurity process through trainings.

 

We do not engage third party professionals or disclose our internal security measures to private parties.

 

We have never experienced a cybersecurity incident that was determined to be material, although, like many technology-dependent companies operating in the current environment, we have experienced cybersecurity incidents in the past. For additional information regarding whether any risks from cybersecurity threats are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, please see the section titled “Risk Factors.”

 

Governance

 

One of the key functions of our board of directors, in connection with our IT team, is informed oversight of our risk management process, which includes risks from cybersecurity threats. Our board of directors monitors and assesses strategic risk exposure, and our executive officers manage the material risks we face.

 

Our Vice President of Operations, who has over 30 years of experience in IT and marketing, works with our board of directors to manage our cybersecurity policies and processes, including those described in the “Risk Management and Strategy” section above. Together, they stay informed and manage how we identify, address, prevent and resolve cybersecurity issues and related matters. They also track how we prevent, identify, lessen, and address cybersecurity issues. This is done through regular checks of our systems, tests to identify security weaknesses, and maintaining an incident response plan.

 

In addition to such regular system checks, our Vice President of Operations, together with the board, regularly discuss active, emerging and potential cybersecurity risks. They keep each other informed about significant changes affecting cybersecurity, and they periodically update management with these changes, as well as our cybersecurity risks, so that management can administer its oversight function as a part of its broader oversight and risk management.