Connexa Sports Technologies Inc. 10-K Cybersecurity GRC - 2024-07-24

Page last updated on July 25, 2024

Connexa Sports Technologies Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-24 18:50:33 EDT.

Filings

10-K filed on 2024-07-24

Connexa Sports Technologies Inc. filed a 10-K at 2024-07-24 18:50:33 EDT
Accession Number: 0001493152-24-028975

Item 1C. Cybersecurity.

Cybersecurity risk

Cybersecurity risk is the risk of harm or loss resulting from misuse or abuse of technology or the unauthorized disclosure of data.

Overview

Although Cybersecurity risk is an important and evolving focus for the Company, due to its small size and limited resources, the Company is unable to devote any internal resources to cybersecurity and relies entirely on its vendors, for email, e-commerce, order management, purchasing/direct shipping, financials, inventory, warranty and returns and remote access, for assessing, identifying and managing material risks from cybersecurity threats whose collective security efforts are designed to protect against, among other things, cybersecurity attacks that can result in unauthorized access to confidential information, the destruction of data, disruptions to or degradations of service, the sabotaging of systems or other damage.

The Company’s vendors have implemented measures and controls reasonably designed to address cyber attacks, including enhanced threat monitoring. Our ERP software is made accessible, controlled and monitored through an extensive list of policies and procedures. These include protocols dictating acceptable use, management of confidential data, application monitoring, secure access policies and application access strategies. Operating System updates and security patches as well as application software updates released by the vendors are reviewed, tested and implemented on a regular basis. Data backup is achieved through hourly incremental backups with replications to off-site locations. User-level access is secured through industry standard encryption and supports accessibility rules including two factor authentication and VPNs.

The data center where our ERP software is hosted achieves some of the highest compliance certifications including:

● ISO/IEC 27001: Certification for information security management systems.
● SOC 2: Compliance with the AICPA’s Trust Service Criteria, demonstrating security, availability, processing integrity, confidentiality, and privacy controls.
● HIPAA: Compliance with the Health Insurance Portability and Accountability Act for handling protected health information (PHI).
● GDPR: Compliance with the General Data Protection Regulation for protecting the privacy and rights of EU citizens’ data.
● PCI DSS: Compliance with the Payment Card Industry Data Security Standard for secure handling of payment card data.

In addition, the data center where our ERP software is hosted achieves cybersecurity compliance through a multifaceted approach that encompasses various security measures and controls including:

● Physical Security. The data centers are highly secure facilities with strict access controls, surveillance systems, and perimeter fencing. Access to data centers is limited to authorized personnel only.
● Network Security. Advanced network security measures are implemented to protect against unauthorized access and malicious activities. This includes firewalls, DDoS (Distributed Denial of Service) protection, and encryption for data in transit.
● Data Encryption. Data is encrypted both at rest and in transit using industry-standard encryption algorithms. This ensures that data remains secure even if it’s intercepted or compromised.
● Access Control. Identity and Access Management (IAM) allows us to manage access to our resources securely. IAM enables granular control over permissions, roles, and access policies, reducing the risk of unauthorized access.
● Security Monitoring and Logging. The data centers support robust monitoring and logging capabilities, allowing us to track and analyze security-related events in real-time. This includes audit logging, activity tracking, and integration with security information and event management (SIEM) systems.
● Incident Response. The data centers have established incident response procedures to detect, investigate, and mitigate security incidents promptly. This includes a dedicated security incident response team (SIRT) that coordinates response efforts and communicates with us.
● Third-Party Audits and Reviews. The data centers undergo regular third-party audits and reviews to validate its security controls and compliance with industry standards and regulations. These audits provide independent verification of the security posture and help build trust with customers.

Third parties with which the Company does business, that facilitate the Company’s business activities (e.g., vendors, supply chain, exchanges, distributors and service providers) or that the Company has acquired are also sources of cybersecurity risk to the Company. Third party incidents such as system breakdowns or failures, misconduct by the employees of such parties, or cyber-attacks, including ransomware and supply-chain compromises, could have a material adverse effect on the Company, including in circumstances in which an affected third party is unable to deliver a product or service to the Company or where the incident delivers compromised software to the Company or results in lost or compromised information of the Company or its clients or customers. The Company does not have processes in place to oversee and identify risks from cybersecurity threats associated with its use of third-party service providers and vendors.

Customers are also sources of cybersecurity risk to the Company and its information assets, particularly when their activities and systems are beyond the Company’s own security and control systems.

Risks from cybersecurity threats, including any previous cybersecurity events, to-date have not materially affected and are not likely to materially affect the Company or its business strategy, results of operations or financial condition. Notwithstanding the approach that the Company takes to address cybersecurity risk via its vendors, the Company may not be successful in preventing or mitigating a future cybersecurity incident that could have a material adverse effect on the Company or its business strategy, results of operations or financial condition.

The Company has not and, for the foreseeable future, does not intend to engage third-party assessors or auditing firms with industry-recognized expertise on cybersecurity matters to review specific aspects of the Company’s or its vendors’ cybersecurity risk management framework, processes and controls.

Governance and oversight

The Company’s board of directors has not to-date exercised any oversight of risks from cybersecurity threats and none of its committees is tasked with or responsible for oversight of risks from cybersecurity threats. The Company’s board of directors will review its cybersecurity oversight going forward on a periodic basis and, if the Company makes adequate resources available, effect changes therein.


Company Information

Name: Connexa Sports Technologies Inc.
CIK: 0001674440
SIC Description: Sporting & Athletic Goods, NEC
Ticker: YYAI - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: April 29