DYNATRONICS CORP 10-K Cybersecurity GRC - 2024-09-24

Page last updated on September 24, 2024

DYNATRONICS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-24 15:00:30 EDT.

Filings

10-K filed on 2024-09-24

DYNATRONICS CORP filed a 10-K at 2024-09-24 15:00:30 EDT
Accession Number: 0001062993-24-016944

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Failures in, material damage to, or interruptions in our information technology systems, including as a result of cyber-attacks, and difficulties in updating our existing software or developing or implementing new software, could have a material adverse effect on our business or results of operations. We depend increasingly on our information technology systems in the conduct of our business. For example, we own, license or otherwise contract for technology and systems to do business with customers, including for order entry and fulfillment, processing and payment, product shipping and product returns. We also maintain internal and external communications, product inventory, supply, production and enterprise management, and personnel information on information systems. Our information systems are subject to damage or interruption from power outages, computer and telecommunications failures, computer viruses, security breaches and natural and man-made disasters. In particular, from time to time we and third parties who provide services for us experience cyber-attacks, attempted breaches of our or their information technology systems and networks or similar events, which could result in a loss of sensitive business or customer information, systems interruption or the disruption of our operations. The techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently and may be difficult to detect for long periods of time, and accordingly we may be unable to anticipate and prevent all data security incidents. Like many businesses, our systems come under frequent attack from third parties. We are required to expend capital and other resources to protect against such cyber-attacks and potential security breaches or to alleviate problems caused by such potential breaches or attacks. Despite the constant monitoring of our technology systems and hiring of specialized third parties to identify and address any vulnerabilities through implementation of network security measures, it is possible that computer programmers and hackers, or even internal users, may be able to penetrate, create systems disruptions or cause shutdowns of our network security or that of third-party companies with which we have contracted. As a result, we could experience significant disruptions of our operations and incur significant expenses addressing problems created by these breaches. Such unauthorized access could disrupt our business and could result in a loss of revenue or assets and any compromise of customer information could subject us to customer or government litigation and harm our reputation, which could adversely affect our business and growth. Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program utilizes the CIS Critical Security Controls framework, as a guide to help identify, assess, and manage cybersecurity risks relevant to our business. This does not imply that we meet any particular technical standards, specifications, or requirements. Our cybersecurity risk management program includes the following key elements, among others: risk assessments designed to help identify material cybersecurity risks to our critical systems and information; a team comprised of IT personnel responsible for directing (1) our cybersecurity risk assessment processes, (2) our security processes, and (3) our response to cybersecurity incidents; the periodic use of external cybersecurity service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes; cybersecurity awareness training; and a cybersecurity incident response plan to respond to cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Cybersecurity Governance Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee. The Audit Committee oversees management’s design, implementation and enforcement of our cybersecurity risk management program. The Audit Committee receives reports from our Chief Information Officer. Our Chief Information Officer, who works closely with and supervises our IT team, has overall responsibility for assessing and managing any material risks from cybersecurity threats. 13

Company Information