Strategy, Governance and Risk Management

Reflect Scientific maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats, including the assessment of cybersecurity risks related to third-party vendors and suppliers. This program is integrated within the Company’s enterprise risk management process and the results of the risk assessment, which occurs at least annually, along with mitigation strategies, are discussed with the senior management.

The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) and the International Organization Standardization (“ISO”) 27001 Information Security.