HARVARD BIOSCIENCE INC 10-K Cybersecurity GRC - 2024-03-07

Page last updated on July 16, 2024

HARVARD BIOSCIENCE INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 17:00:04 EST.

Filings

10-K filed on 2024-03-07

HARVARD BIOSCIENCE INC filed a 10-K at 2024-03-07 17:00:04 EST
Accession Number: 0001171843-24-001239

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is an element of and is integrated into our overall enterprise risk management program. Our framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization 27001 (ISO 27001) Framework, although we have not been audited to, and may not be in compliance with, all technical standards, specifications or requirements under the NIST or ISO 27001 frameworks. Our cybersecurity risk management program includes: ● risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology (“IT”) environment; ● a security team that is principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; ● the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls; ● cybersecurity awareness training for our employees, incident response personnel, and senior management; ● assessment of material cybersecurity risks posed by third-party service providers, including risks to employee, customer and financial information; and ● a cybersecurity incident response protocol that includes procedures for responding to cybersecurity incidents. We have been, and expect to continue to be, subject to cybersecurity risks and incidents related to our business. To date, such risks and incidents have not materially affected our business strategy, results of operations or financial condition. For more information about the cybersecurity risks we face, see Item 1A - Risk Factors. Cybersecurity Governance Our Board considers cybersecurity risk as part of its enterprise risk management oversight function. This oversight includes periodic reports from management, including our Vice President of IT, concerning cybersecurity related risks. Our management team, including our Vice President of IT, is responsible for assessing and managing risks from cybersecurity threats. Our Vice President of IT has extensive information technology and program management experience, including broad experience in corporate and consulting environments across of range of organizations and industries. Where appropriate, she engages external cybersecurity consultants to assist with cybersecurity related matters. Our management team has primary responsibility for our overall cybersecurity risk management program and, under the leadership of our Vice President of IT, supervises both our internal personnel and external cybersecurity consultants. This includes efforts to prevent, detect, mitigate, and remediate cybersecurity risks. These efforts employ information from various sources, such as security tools deployed in our IT environment, internal personnel, external security consultants, and governmental sources.


Company Information

NameHARVARD BIOSCIENCE INC
CIK0001123494
SIC DescriptionLaboratory Analytical Instruments
TickerHBIO - Nasdaq
Website
CategoryAccelerated filer
Smaller reporting company
Fiscal Year EndDecember 30