Cosmos Health Inc. 10-K Cybersecurity GRC - 2024-08-05

Page last updated on August 5, 2024

Cosmos Health Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-05 17:09:44 EDT.

Filings

10-K filed on 2024-08-05

Cosmos Health Inc. filed a 10-K at 2024-08-05 17:09:44 EDT
Accession Number: 0001477932-24-004545

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company’s cybersecurity principles, goals and targets are defined in a policy approved by the Board of Directors (the “Policy”). This Policy is anchored in a risk-based approach based on industry standards to balance the level of cybersecurity against the risks faced by the Company. Material risks are managed by both internal resources and third-party contractors, with cybersecurity risk monitoring integrated into our overall risk management program. The Company believes that effective information security management is necessary for the secured sharing and protection of information within the Company’s cyberspace. The Policy applies to all directors, officers, employees and contractors of the Company and any parent, holding companies and subsidiaries regardless of their contract terms, who use the Company’s technological devices. The Board of Directors is responsible for leading the Company to minimize the risk of unauthorized and malicious use, disclosure, potential theft, alteration or damaging effects on the Company’s operations while concurrently enabling the sharing of information in cyberspace. The Board of Directors is committed to ensuring that risks to the confidentiality, integrity or availability of Company-owned information assets are managed appropriately by implementing an information security risk management approach. The Audit Committee oversees the Policy and its implementation of the Company’s oversight, programs, procedures, and policies related to cybersecurity, cybersecurity risks, information security, and data privacy. Team leads from various departments of the Company have been identified under the Policy to report to the Company’s CFO overseeing the cybersecurity strategy as defined in the Policy. The management team includes members with IT backgrounds and relevant experience to guide our cybersecurity efforts. Management ensures that employees are provided with adequate resources and training to fully understand cybersecurity guidelines and expectations. In the event of a Policy breach, members of the management team may be asked by the IT Department to assist with security investigations. If any member of management is unaware of the best course of action in dealing with an IT-related matter, the manager shall immediately contact the Company’s third-party IT representative. Upon discovering a potential violation of the Policy or a cybersecurity breach, the member of management must document the incident and request the individual surrender possession of any devices that may have suffered a security breach. Additionally, the Company’s management reports to the Audit Committee on the Company’s and its subsidiaries’ strategies, risks, metrics and operations relating to cybersecurity and information security matters, including significant cybersecurity and information security-related projects and initiatives and related progress, the integration and alignment of such strategy with the Company’s overall business and strategy, and trends that may affect such strategy or operations. In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident.

Company Information