PAVmed Inc. 10-K Cybersecurity GRC - 2024-03-25

Page last updated on July 16, 2024

PAVmed Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-25 17:26:44 EDT.

Filings

10-K filed on 2024-03-25

PAVmed Inc. filed a 10-K at 2024-03-25 17:26:44 EDT
Accession Number: 0001493152-24-011172

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Governance Our board administers its cybersecurity risk oversight function directly through our audit committee. Our audit committee has primary responsibility for overseeing our risk assessment and risk management policies (including with respect to cybersecurity matters). Our audit committee regularly discusses with management, counsel, and auditors the Company’s major risk exposures. This includes potential financial impact on the Company and the steps taken to monitor and control those risks. Additionally, our board is informed regarding the risks facing the Company and coordinates with management and our cybersecurity team to ensure our board receives regular risk assessment updates from management. We retain Techneto, Inc. d/b/a CyberTeam (“CyberTeam”), a third party vendor that reports directly to our Chief Operating Officer, to be responsible for identifying, assessing and managing the Company’s risks from cybersecurity threats. CyberTeam has been with the Company since its inception and has over 25 years of experience in cybersecurity. CyberTeam provides our board and executive leadership team with periodic updates about our cybersecurity program and material risks. This includes updates on cybersecurity practices, programs, and the status of projects designed to strengthen internal cybersecurity and data protection. Risk Management and Strategy Processes for identifying and assessing cybersecurity risks Senior management, with the support of CyberTeam, monitors current events and trends related to cybersecurity and assesses any potential impact on current systems and operations. Third-party partners who are in possession of our confidential information are generally required to notify us in the event of a cybersecurity incident within their systems that have, or are reasonably likely to, compromise the security of such information. When appropriate, we enlist CyberTeam to perform a risk and security assessment of the cybersecurity protocols and procedures of critical third-party partners. Processes for managing cybersecurity risks CyberTeam tracks risks and incidents related to cybersecurity until the risk is mitigated to an acceptable level or fully remediated. When risks are identified, CyberTeam oversees mitigation plans with the risk owner which are communicated to necessary teams and remediation steps are taken. Processes for incorporating cybersecurity risks into the overall risk management process Our process for identifying, assessing, and managing risks related to cybersecurity generally involves CyberTeam regularly meeting with our executive leadership team, and when appropriate, our board and/or audit committee to discuss cybersecurity related risks identified and the potential likelihood and severity of each risk. Currently, we are not aware of any risks from cybersecurity threats, or from previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company.


Company Information

NamePAVmed Inc.
CIK0001624326
SIC DescriptionSurgical & Medical Instruments & Apparatus
TickerPAVM - NasdaqPAVMZ - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30