PSYCHEMEDICS CORP 10-K Cybersecurity GRC - 2024-03-28

Page last updated on July 16, 2024

PSYCHEMEDICS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 08:30:47 EDT.

Filings

10-K filed on 2024-03-28

PSYCHEMEDICS CORP filed a 10-K at 2024-03-28 08:30:47 EDT
Accession Number: 0001171843-24-001671


Item 1C. Cybersecurity.

Our business depends on the availability, reliability, and security of our information systems, networks, data, and intellectual property. Any disruption, compromise, or breach of our systems or data due to a cybersecurity attack or incident, such as a data breach, ransomware, malware, phishing, or other form of cybercrime, could adversely affect our operations, customer service, product development, and competitive position. Such incidents may also result in a breach of our contractual obligations or legal duties to protect the privacy and confidentiality of our stakeholders. They could expose us to business interruption, lost revenue, ransom payments, remediation costs, liabilities to affected parties, cybersecurity protection costs, lost assets, litigation, regulatory scrutiny and actions, reputational harm, customer dissatisfaction, harm to our vendor relationships, or loss of market share.

At Psychemedics, the Vice President of Information Technology also serves in a dual capacity as the Chief Information Security Officer (VPIT & CISO) overseeing our information security program. The VPIT & CISO’s team is tasked with the development and implementation of cybersecurity strategy, policy, standards, architecture, and processes. Our cybersecurity program is aligned with industry standards and best practices, such as the CIS Critical Security Controls (“CIS 18”) Implementation Group 1 (“IG1”) guidelines. We maintain an incident response and recovery plan, including measures for responding to and recovering from cybersecurity incidents. To minimize the threat surface, we strategically limit the use of third-party service providers with access to personal, confidential, or proprietary information. Also, we evaluate these providers and take steps to help mitigate risks associated with their use and minimize the potential for supply chain attacks.

Employing a risk-based approach, we are committed to continuously reassessing our cybersecurity posture and improving our defenses in response to evolving and emerging threats. While we have not experienced any known material incident in the past year, we acknowledge that we have limited resources dedicated to identifying and mitigating cybersecurity risks and that an information security plan is not infallible.

At least twice each calendar year, the VPIT & CISO will report on the health and status of our information security program to our Board of Directors, or a committee thereof, as well as to our Chief Executive Officer and other members of our senior management as appropriate. These reports typically include a high-level overview of current and emerging cybersecurity risks; an assessment of the organization’s overall security posture; incident reports; an update on our compliance with relevant cybersecurity laws, regulations, and standards; an overview of ongoing and planned initiatives to strengthen the organization’s cybersecurity defenses; and strategic recommendations.


Company Information

Name: PSYCHEMEDICS CORP
CIK: 0000806517
SIC Description: Services-Medical Laboratories
Ticker: PMD - Nasdaq
Website:
Category: Non-accelerated filer, Smaller reporting company
Fiscal Year End: December 30