SYNTEC OPTICS HOLDINGS, INC. 10-K Cybersecurity GRC - 2024-05-23

Page last updated on July 16, 2024

SYNTEC OPTICS HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-23 14:40:49 EDT.

Filings

10-K filed on 2024-05-23

SYNTEC OPTICS HOLDINGS, INC. filed a 10-K at 2024-05-23 14:40:49 EDT
Accession Number: 0001493152-24-021130

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the importance of protecting information assets such as the personally identifiable information of our employees, and proprietary business information, and have adopted policies, management oversight, accountability structures, and technology processes designed to safeguard this information. All of our employees are required to attest annually to our information security policies and participate in regular security awareness training to protect their information and the Syntec Optics data and systems to which they have access. These trainings also instruct employees on how to report any potential privacy or data security issues. We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan. We design and assess our program based on various cybersecurity frameworks, such as the National Institute of Standards and Technology (“NIST”). We use these cybersecurity frameworks and information security standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our cybersecurity risk management program is integrated into our overall enterprise risk management program, sharing common methodologies and governance processes across the enterprise risk management program. Specifically, our cybersecurity risk management program includes: ● risk assessments designed to help identify material cybersecurity risks to our critical systems and enterprise information technology (“IT”) environment; ● an internal security team and an external service provider principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity threats and incidents; ● the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our cybersecurity security controls; ● cybersecurity awareness training for our employees, incident response personnel, and senior management on an annual basis as part of the risk mitigation strategy; ● annual testing of the effectiveness of the cybersecurity awareness training; ● a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; ● a third-party risk management process for service providers, suppliers, and vendors; and ● cybersecurity internal and external penetration testing. We work with third-party service providers to proactively assess our information security program and provide us with an industry view of the cyberthreat landscape, in addition to monitoring and supporting our control environment and breach notification and response processes. As of the date of this Annual Report on Form 10-K, cybersecurity threats have not materially affected and we believe are not reasonably likely to materially affect Syntec Optics, including our business strategy, results of operations, or financial condition. Refer to the risk factor captioned “Cyberattacks and security vulnerabilities could lead to reduced revenue, increased costs, liability claims, or harm to our reputation or competitive position.” in Part I, Item 1A. “Risk Factors” for more information regarding cybersecurity risks and potential related impacts on Syntec Optics. Governance We have a formal information security program, designed to develop and maintain privacy and data security practices to protect Syntec Optics assets and sensitive third-party information, including personal information. This program is governed by a sub-committee of our Audit Committee, comprising members of senior management, which meets regularly and reports to the Board of Directors at least annually (the “Information Security Governance Committee”). Our Audit Committee Chair has a certificate in Cybersecurity Oversight from the Software Engineering Institute at Carnegie Mellon University. Members of the Information Security Governance Committee oversee communications with the Board of Directors regarding material cybersecurity incidents and provide the Board with a summary of risks from current cybersecurity threats on a regular basis, as well as updates on management’s information security program oversight and maintenance activities, and any material changes to Syntec Optics’ information security practices and procedures. We take a risk-based approach to cybersecurity and have implemented policies throughout our operations that are designed to address cybersecurity threats and our response to actual or suspected incidents. In particular, the Information Security Governance Committee is responsible for the ongoing identification and assessment of reasonably foreseeable cybersecurity threats and based on these assessments, evaluating and overseeing the implementation of safeguards for limiting such risks, including employee training and compliance, and detection and prevention mechanisms. If a cybersecurity incident occurs, the Information Security Governance Committee will assemble an incident response team responsible for the identification, remediation, and post-incident review of such incident, engage outside advisors and notify third parties as appropriate, and assess the materiality of the nature, scope, and timing of a given incident and whether public disclosure is required. The CFO, in coordination with the Information Security Governance Committee, is responsible for leading the assessment and management of cybersecurity risks. The CFO holds a Masters Degree in Information Systems, and provides the Board of Directors as part of the Information Security Governance Committee’s updates discussed above and regularly communicates with the other members of the Information Security Governance Committee and senior management regarding cybersecurity risks.

Company Information