CANNAPHARMARX, INC. 10-K Cybersecurity GRC - 2024-05-16

Page last updated on July 16, 2024

CANNAPHARMARX, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-16 15:46:34 EDT.

Filings

10-K filed on 2024-05-16

CANNAPHARMARX, INC. filed a 10-K at 2024-05-16 15:46:34 EDT
Accession Number: 0001683168-24-003575

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C - CYBERSECURITY Risk management and strategy Data integrity, privacy, availability, and security are critical to the corporate information technology, communication networks, accounting and financial reporting platforms, and related systems which are necessary for the operation of our business. These systems are used to manage our vendor relationships, for internal communications, for accounting and record-keeping functions, and for many other key aspects of our business including site security. Our business operations rely on the data privacy and security necessary to safeguard and protect secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data. We are continually assessing the need to implement and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data, including confidential information that is proprietary, strategic or competitive in nature. We engage a third-party provider to identify, assess, and manage cybersecurity threats and risks which is achieved through monitoring and evaluating our threat environment and our risk profile using various methods including the use of manual and automated tools, analysis of reports of threats and threat actors, scanning the threat environment, and evaluation of our industry’s risk profile. Various technical, physical, and organizational measures, processes, standards, and policies designed to manage and mitigate material risks from cybersecurity threats to our systems and data have been implemented and are maintained. These include risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, systems monitoring, employee training, and penetration testing. 31 We engage certain third-party service providers to perform a variety of functions within our business and seek to ensure that we work with reliable, reputable service providers that maintain cybersecurity programs. Depending on the nature of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our vendor management process may include reviewing provider cybersecurity practices, conducting provider security assessments, and conducting periodic provider reassessments during their engagement. We are not aware of any risks from cybersecurity threats or cybersecurity incidents which have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Governance Our board of directors is responsible for oversight of our strategy and risk management, including material risks related to cybersecurity threats. The board of directors engages in regular discussions with management regarding our significant financial risk exposures and the measures implemented to monitor and control these risks, including those that may result from material cybersecurity threats. Our management, represented by our Chief Executive Officer, Dean Medwid, leads our cybersecurity risk assessment and management processes and oversees their implementation and maintenance, including integration of cybersecurity risk considerations into our overall risk management strategy and communication of key priorities to relevant personnel. Management is responsible for cybersecurity-related matters including approval of processes; review of assessments and other matters; evaluation of potential impact of incidents to determine materiality based on the nature and scope of the incident and any impact to operations, assets, or reputation; and response to incidents, including reporting certain incidents to the audit committee. The audit committee receives periodic reports from management, including our Chief Executive Officer concerning any cybersecurity threats and risks considered to be significant and the processes we have implemented to address them.

Company Information