SMITH MIDLAND CORP 10-K Cybersecurity GRC - 2024-05-23

Page last updated on July 16, 2024

SMITH MIDLAND CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-23 16:15:26 EDT.

Filings

10-K filed on 2024-05-23

SMITH MIDLAND CORP filed a 10-K at 2024-05-23 16:15:26 EDT
Accession Number: 0001654954-24-006855

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy The Company’s cybersecurity program is designed to protect its assets and information, and to maintain the secure storage and of proprietary information relating to our customers, employees, applicants, vendors, and other parties, including financial information and personal information. The Company’s cybersecurity program is formed using a risk-based approach with recommendations from cybersecurity consultants, cybersecurity insurers, and other third-party consultants. Our cybersecurity program includes, among others: · a cybersecurity education program with on-going employee activities, which include frequent phishing simulation and testing and annual training; · access management and access controls with periodic reviews; · when appropriate, use of external subject matter specialists, including assessors, insurers, and consultants, to provide incident response services and risk assessments; · engagement in security practices that include physical, administrative, and technical safeguards of systems and hardware; The Company continues to invest in its cybersecurity program and performs assessments to identify opportunities to enhance training and awareness and improve processes and technology used to identify, prevent, detect, respond, and recover from cybersecurity incidents. Governance Our Board of Directors has overall responsibility for risk oversight and oversees the implementation and continuous improvement of our cybersecurity program and compliance with disclosure requirements. The Board of Directors receives regular reports and periodic briefings from the Chief Financial Officer on cybersecurity matters, including key risks to the Company, recent developments, and risk mitigation activities. Our cybersecurity program is overseen by the Chief Financial Officer in conjunction with a third-party service provider. The third-party service provider has the primary responsibility for the Company’s cybersecurity risk management program. At the time an incident is identified, the Company completes an evaluation and summarizes the incident that is shared with the Board of Directors to effectively manage resources to reduce risk and prevent future incidents. 10 Incident Disclosure To date, the Company has been subject to cyber related incidents, as previously disclosed in the Company’s Quarterly Report for the quarters ended June 30, 2023 and September 30, 2023 and within this Annual Report. Since the identification of the incident, we have implemented additional safeguards designed to detect and prevent cybersecurity events that may have a material adverse effect on the Company.


Company Information

NameSMITH MIDLAND CORP
CIK0000924719
SIC DescriptionConcrete Products, Except Block & Brick
TickerSMID - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30