QDM International Inc. 10-K Cybersecurity GRC - 2024-07-01

Page last updated on July 16, 2024

QDM International Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-01 17:15:22 EDT.

Filings

10-K filed on 2024-07-01

QDM International Inc. filed a 10-K at 2024-07-01 17:15:22 EDT
Accession Number: 0001213900-24-057975

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management We may face significant and persistent cybersecurity risks due to the need to protect our business, our confidential information and information concerning our personnel and others with whom we conduct business. As with other insurance brokerage companies, we occasionally face threats from actors who seek to disrupt our business as well as others who are engaging in malicious activities for profit, to make a political point or for no particular reason other than creating disruption. Disclosure of certain information as a result of a cybersecurity breach may result in a breach of privacy laws. The substantial level of harm that could occur to us and our business partners and customers were we to suffer impacts of a material cybersecurity incident; and our use of third-party products, services and components requires us to maintain robust governance and oversight of these risks and to implement mechanisms, technologies and processes designed to help us assess, identify, and eliminate these risks. While we have not, as of the date of this Report, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, we cannot assure you that we will not experience such an incident in the future. Any cybersecurity incidents, whether or not successful, could result in our incurring additional costs related to, for example, rebuilding our internal systems, implementing additional threat protection measures, responding to regulatory inquiries or actions, paying damages or making payments to obtain access to our computer systems, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. We seek to detect and investigate unauthorized attempts and attacks against our network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools and changes or updates to our products and services; however, we remain potentially vulnerable to known or unknown threats. In some instances, we, our business partners and our customers can be unaware of a threat or incident or its magnitude and effects. Further, there are increasing regulation requirements regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm. Governance Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain reasonable safeguards to mitigate identified risks and reasonably address any identified gaps in existing safeguards. Our responsible offer is directly supervising our employees’ compliance of our internal safeguards and she reports to our Chief Executive Officer periodically and on an as-needed basis to manage our risk assessment and mitigation process. We monitor and test our safeguards and regularly conduct training for our employees on these safeguards, in collaboration with human resources, IT, and management. We are committed to promoting a company-wide culture of cybersecurity risk management. We have not encountered cybersecurity risks, threats or incidents that have materially affected or are reasonably likely to materially affect the Company, our business strategy, results of operations, or financial condition during the fiscal year ended March 31, 2024.

Company Information