Forward Industries, Inc. 10-K Cybersecurity GRC - 2024-12-27

Page last updated on December 27, 2024

Forward Industries, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-27 16:02:44 EST.

Filings

10-K filed on 2024-12-27

Forward Industries, Inc. filed a 10-K at 2024-12-27 16:02:44 EST
Accession Number: 0001683168-24-009011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the importance of developing, implementing and maintaining cybersecurity measures to safeguard our information and operational technologies and protect the confidentiality, integrity and availability of our data. Our business is dependent upon our computer systems, devices, software and networks to collect, process and store the data necessary to conduct almost all aspects of our business. We have designed our cybersecurity procedures based on the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”). We have used NIST CSF as a guide to help identify, assess and manage cybersecurity risks relative to our business, but this does not imply that our cybersecurity program meets any particular technical standard, specification or requirement. 16 We have processes in place to assess, identify, manage and address material cybersecurity threats and incidents. These include, among other things, annual and ongoing security awareness training for employees, mechanisms to detect and monitor unusual network activity, use of encryption and authentication technologies, penetration testing and containment and incident response tools. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. We maintain an incident response plan with a cross-functional team comprised of members of the information technology department, senior management and other appropriate individuals. The team is responsible for assessing and managing the cybersecurity incident response process and taking necessary corrective actions to mitigate and/or eliminate any issues. Our control over the security posture of and ability to monitor the cybersecurity practices of third-party vendors and service providers is limited and there can be no assurance that we can prevent, mitigate or remediate the risk of any compromise or failure in the cybersecurity infrastructure owned or controlled by third parties. As of the filing date of this Annual Report on Form 10-K, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats or incidents or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, see “Item 1A - Risk Factors.” Governance Our Board of Directors has overall responsibility for the oversight of risk management, including cybersecurity risks. The Board receives periodic briefings on cybersecurity matters, including key risks to the Company, recent developments and risk mitigation activities from management. Our information technology team is responsible for assessing and maintaining our cybersecurity risk management program and may engage third-party experts on an as-needed basis for risk assessment and system enhancements. Our information technology team are experienced information systems security professionals with many years of experience in the information technology field and various degrees and cybersecurity-related certifications.

Company Information