MDWerks, Inc. 10-K Cybersecurity GRC - 2024-06-28

Page last updated on July 16, 2024

MDWerks, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-28 14:20:40 EDT.

Filings

10-K filed on 2024-06-28

MDWerks, Inc. filed a 10-K at 2024-06-28 14:20:40 EDT
Accession Number: 0001493152-24-025571

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy As a smaller reporting company, we currently do not have formalized cybersecurity measures, a dedicated cybersecurity team or specific protocols in place to manage cybersecurity risks. Our approach to cybersecurity is in the developmental stage, and we have only begun to conduct comprehensive risk assessments, establish an incident response plan, and engage with external cybersecurity consultants for assessments or services. As of the date of this report, we have adopted an incident response plan which governs our assessment and response upon the occurrence of a material cybersecurity incident, including the process for informing senior management and our Board of Directors. Our Chief Executive Officer has been designated as the lead for implanting our incident response plan. Given our current stage of cybersecurity development, we have not experienced any significant cybersecurity incidents to date. However, we recognize that the absence of a formalized cybersecurity framework may leave us vulnerable to cyberattacks, data breaches and other cybersecurity incidents. Such events could potentially lead to unauthorized access to, or disclosure of, sensitive information, disrupt our business operations, result in regulatory fines or litigation costs and negatively impact our reputation among customers and partners. We are in the process of evaluating our cybersecurity needs and developing appropriate measures to enhance our cybersecurity posture. This includes considering the engagement of external cybersecurity experts to advise on best practices, conducting vulnerability assessments and developing an incident response strategy. Our goal is to establish a cybersecurity framework that is commensurate with our size, complexity and the nature of our operations, thereby reducing our exposure to cybersecurity risks. In addition, our board of directors will oversee any cybersecurity risk management framework and a dedicated committee of our board of directors will review and approve any cybersecurity policies, strategies and risk management practices. Despite our efforts to improve our cybersecurity measures, there can be no assurance that our initiatives will fully mitigate the risks posed by cyber threats. The landscape of cybersecurity risks is constantly evolving, and we will continue to assess and update our cybersecurity measures in response to emerging threats. Governance Board of Directors The audit committee of the Company’s board of directors, with the input of management, oversees the Company’s internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is informed of material risks, when applicable, from cybersecurity threats by the Company’s Chief Executive Officer. Updates on cybersecurity matters, including material risks and threats, are provided to the Company’s audit committee, and the audit committee provides updates to the Company’s board of directors at regular board meetings. Management Under the oversight of the audit committee of the Company’s board of directors, the Company’s Chief Executive Officer is primarily responsible for the assessment and management of material cybersecurity risks and establishing and maintaining adequate and effective internal controls covering cybersecurity matters. The audit committee of the Company’s board of directors, with the assistance of the Company’s Chief Executive Officer, is responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. As of the date of this report, other than the foregoing, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition and that are required to be reported in this report. For further discussion of the risks associated with cybersecurity incidents, see the cybersecurity risk factors in Item 1A. Risk Factors in this report.

Company Information