ORTHOPEDIATRICS CORP 10-K Cybersecurity GRC - 2024-03-08

Page last updated on July 16, 2024

ORTHOPEDIATRICS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-08 17:23:05 EST.

Filings

10-K filed on 2024-03-08

ORTHOPEDIATRICS CORP filed a 10-K at 2024-03-08 17:23:05 EST
Accession Number: 0001425450-24-000013


Item 1C. Cybersecurity.

To combat the ever-present cyber risks, the Company maintains a comprehensive cybersecurity program, which includes ongoing employee training, annual risk assessments and a comprehensive cybersecurity environment meant to detect, prevent, and limit unauthorized or harmful actions across our information technology environment. We operate in the medical device sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk.

We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems and partner with a third-party hosted provider. Our cybersecurity program is aligned with industry standards, such as the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. We use various tools and methodologies to manage cybersecurity risk that are tested on a regular cadence. We also monitor and evaluate our cybersecurity performance on an ongoing basis through regular vulnerability scans, penetration tests and threat intelligence feeds. We require third-party service providers with access to personal, confidential, or proprietary information to implement and maintain comprehensive cybersecurity practices consistent with applicable legal standards.

Our VP of Information Technology has expertise in the following areas which assist in assessing and managing applicable cybersecurity risk: 36 years of IT experience including endpoint detection, security, incident management and response, vulnerability management and response, event management and response, and network security segmentation.

The VP of Information Technology provides regular reports on ongoing risk and mitigation practices to our COO and CFO, who then reports to the Board. Our incident response policy, which is updated from time to time, provides that management reports to the Board in the event of any detected material incident and regularly updates them on the mitigation and remediation steps being taken in connection with the Company’s response. The Board considers cybersecurity risks in business strategy by getting updates on cybersecurity risk assessment. It assesses the experience of management personnel responsible for preventing, mitigating, detecting, and remediating any cyber incidents, including the VP of Information Technology as well as third-party providers.

The Company has not experienced any cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected the Company, including its business strategy, results of operations or financial condition.

In 2023, we upgraded our enterprise resource planning system to enhance operating efficiencies and provide more effective management of our business operations. The upgrade was substantially completed in the third quarter of 2023. The upgrade included training of personnel, migration of data, and maintaining effective internal controls.


Company Information

Name: ORTHOPEDIATRICS CORP
CIK: 0001425450
SIC Description: Surgical & Medical Instruments & Apparatus
Ticker: KIDS - Nasdaq
Website:
Category: Non-accelerated filer, Smaller reporting company
Fiscal Year End: December 30