ATIF Holdings Ltd 10-K Cybersecurity GRC - 2024-11-13

Page last updated on November 13, 2024

ATIF Holdings Ltd reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-13 17:09:48 EST.

Filings

10-K filed on 2024-11-13

ATIF Holdings Ltd filed a 10-K at 2024-11-13 17:09:48 EST
Accession Number: 0001213900-24-097579

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY
ITEM 1C. Cybersecurity Cybersecurity Risk Management and Strategy Our company recognizes the critical importance of cybersecurity in our digital operations and has established a risk management program to address both internal and external cybersecurity threats. Despite our comprehensive efforts and critical resource allocation, we acknowledge the challenges posed by the evolving nature of cyber threats and the limitations in fully mitigating these risks. We have not observed any significant impacts from known cybersecurity threats or previous incidents on our operational, strategic, or financial aspects. Nevertheless, given the unpredictable nature of cyber threats, we cannot assure complete immunity against potential future impacts. The likelihood of cybersecurity incidents is influenced by frequency risk factors. External factors include market trends in cybercrime, technological advancements in hacking methods, and geopolitical developments. Internal factors are shaped by our policies, the effectiveness of employee training, and robustness of system updates and maintenance procedures. External cybersecurity incidents events may include and are not limited to service disruptions due to email borne threat activities, ransomware, or denial of service attacks against us or our suppliers, while internal events may comprise of internal threats, subcontractors, or governance failures among other events. Cybersecurity incident response plans are regularly updated to include structured processes encompassing identification, containment, eradication, recovery, and post-incident review. Continuous monitoring of systems and networks allows for the detection and response to potential cybersecurity threats. Response capabilities are regularly reviewed to align with the evolving cyber threat landscape and processes are fully integrated into our broader risk management system. Criteria used to determine the materiality of an incident includes, but is not limited to, evaluating the scope, nature, type, systems, data, operational impact, and pervasiveness of the incident. This approach involves continuous oversight and improvement based on evolving cyber threats. Materiality also considers both quantitative and qualitative factors in determining impact. Third-party engagement processes include risk evaluation across various domains such as cybersecurity, data privacy, supply chain, and regulatory compliance. We are committed to transparently disclosing material and unauthorized cybersecurity incidents involving third-party service providers, considering factors like operational technology system damages, information breaches, and interconnected attacks exploiting vulnerabilities. Cybersecurity Governance Our Board of Directors plays a pivotal role in overseeing the organization’s preparedness for cyber threats. This involves a comprehensive understanding of our risk profile, ensuring appropriate cybersecurity controls are in place, regularly reviewing the effectiveness of these measures, and maintaining a robust incident response plan. The Board’s involvement extends beyond compliance and budget approvals to active participation in continuous cybersecurity strategy improvement. 31

Company Information