LIGHTPATH TECHNOLOGIES INC 10-K Cybersecurity GRC - 2024-09-19

Page last updated on September 19, 2024

LIGHTPATH TECHNOLOGIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-19 16:24:45 EDT.

Filings

10-K filed on 2024-09-19

LIGHTPATH TECHNOLOGIES INC filed a 10-K at 2024-09-19 16:24:45 EDT
Accession Number: 0001654954-24-012103

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have established and implemented a comprehensive cybersecurity risk management program aimed at safeguarding the confidentiality, integrity, and availability of our critical information technology (“IT”) systems and sensitive information. Our cybersecurity risk management program is fully integrated within our broader enterprise risk management framework, leveraging consistent methodologies, incident reporting channels, and governance processes. These approaches are used not only for cybersecurity risks but also for managing other areas of risk, including legal, compliance, strategic, operational, and financial. The program is continuously assessed and refined, using the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”) as a guiding tool to identify, prioritize, and manage cybersecurity risks that could significantly affect our operations, financial performance, or business objectives. Key components of our cybersecurity risk management program include: · Cybersecurity Incident Response Plan (“CIRP”): Our CIRP ensures we are prepared to respond to, report, and remediate any cybersecurity incidents effectively. Led by the Chief Information Officer (“CIO”), our corporate compliance and risk management team manages all aspects of incident response. For significant incidents, additional third-party resources would be mobilized to mitigate impact on the business. · Continuous Vulnerability Management: We continuously monitor our IT networks and legacy systems to identify threats that may adversely affect critical systems and information, ensuring that our broader IT environment remains secure. · Third-Party Cybersecurity Consultants: We engage trusted third-party cybersecurity experts to enhance our security posture, perform assessments, and provide strategic guidance, ensuring continuous improvement in our cybersecurity approach. · Cybersecurity Awareness Training: Employees, incident response teams, and senior management undergo regular training to ensure awareness of evolving cybersecurity threats and the appropriate responses. · Risk Management for Third-Party Providers: We conduct due diligence when selecting and periodically reviewing third-party service providers, suppliers, and vendors to ensure they comply with necessary cybersecurity standards. Cybersecurity Governance Our executive team and Board of Directors are actively involved in overseeing cybersecurity risks. The executive team and the CIO oversee the Company’s information security efforts and cybersecurity governance. This team regularly reviews our cybersecurity posture and any significant incidents that have occurred. The management of our cybersecurity risks is led by the CIO and the executive team who bring over 35 years of combined experience in cybersecurity, IT, and risk management. This team is responsible for the overall cybersecurity risk management program, collaborating with internal teams, external consultants, and cross-functional divisions. Their efforts are supported by threat intelligence from various sources, and they regularly benchmark our security practices against the NIST CSF. Our CIO reports regularly to the executive team, providing updates on cybersecurity strategies, current threats, and long-term planning. Additionally, the CIO provides an annual cybersecurity update, presenting an overview of significant cybersecurity risks and their potential impact on internal controls. In the event of a significant cybersecurity incident that escalates to a corporate crisis, the executive team and the Board will be engaged in alignment with the corporate compliance and risk protocols. While LightPath Technologies faces various cybersecurity threats as part of routine operations, no risks have been identified to date that could materially impact the company’s operations, strategy, financial condition, or overall business performance.

Company Information