GULF RESOURCES, INC. 10-K Cybersecurity GRC - 2024-09-27

Page last updated on September 27, 2024

GULF RESOURCES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-27 16:20:47 EDT.

Filings

10-K filed on 2024-09-27

GULF RESOURCES, INC. filed a 10-K at 2024-09-27 16:20:47 EDT
Accession Number: 0001193805-24-001184

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We face risks associated with cybersecurity. For additional details on risks from cybersecurity threats, please refer to “Item 1A. Risk Factors - The occurrence of security breaches and cyber-attacks could negatively impact our business .” and “- If the Chinese government chooses to exert more oversight and control over offerings that are conducted overseas and/or foreign investment in China-based issuers, such action could significantly limit or completely hinder our ability to offer or continue to offer securities to investors and cause the value of such securities to significantly decline or be worthless. " The purpose of our cybersecurity program is to assess, identify, manage and mitigate cybersecurity risk while supporting the achievement of our business objectives. Under our comprehensive risk management program, the Board of Directors of the Company maintains oversight of the most significant risks facing the Company, including cybersecurity risks, while senior management is responsible for the identification and prioritization of risks that are material to our business, corresponding risk-mitigation efforts and day-to-day management of our risk management program. The full Board of Directors retains oversight over management’s cybersecurity efforts. At least annually, and often more frequently, our Board of Directors receives cybersecurity briefings from senior executives, including, when appropriate, executives focused on cybersecurity matters. Our companywide cybersecurity policy sets the framework for our approach to cybersecurity. Each business unit and our corporate headquarters designates individuals with appropriate qualifications and experience to be responsible for addressing cybersecurity matters, including assessing, identifying and managing risks from cybersecurity threats, with a direct reporting line to senior management. Under our approach to cybersecurity, each business unit designs and operates its own information and cybersecurity program tailored to its market, customer requirements, regulatory requirements and threats. Our cybersecurity policy and procedures are designed to ensure senior management receives timely and adequate information regarding cybersecurity matters, including threats and incident response, as appropriate to the matter. Our policies and procedures are also designed to oversee and identify material cybersecurity risks related to third-party vendors and service providers. As part of our approach to cyber risk management, we regularly perform internal audits of internal processes and controls relating to cybersecurity. From time to time, as appropriate under our overall cybersecurity program, we engage third-party experts to support the assessment of cyber related risks, including to conduct cyber penetration testing. To its knowledge, the Company has not experienced a material cybersecurity breach within the last three years, nor identified any risks from cybersecurity threats that have materially affected us, including our business strategy, results of operations or financial condition.

Company Information