Page last updated on January 14, 2025
EMCORE CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-14 16:09:24 EST.
Filings
10-K filed on 2025-01-14
EMCORE CORP filed a 10-K at 2025-01-14 16:09:24 EST
Accession Number: 0000808326-25-000007
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. Cybersecurity. We recognize the importance of cybersecurity in achieving our business objectives, safeguarding our assets, and managing our daily operations. Accordingly, we integrate a process for identifying, assessing, and managing material risks from cybersecurity threats into our overall risk management system. The Audit Committee of our Board of Directors oversees all matters related to the security of and risks related to information technology systems and procedures, including cybersecurity policies and procedures. Our cybersecurity program, including the prevention, detection, investigation, and response to cybersecurity threats and incidents, is managed by our Director, IT, who has worked in information technology and communications services for over 25 years. Our cybersecurity program incorporates an incident response plan to engage cross-functionally across the Company and report cybersecurity incidents to appropriate levels of management, including senior management and the Audit Committee or Board of Directors, based on potential impact. Because of the relatively small size of our information technology workforce, we have limited internal cybersecurity expertise and monitoring capabilities; accordingly, we seek to augment our internal capabilities by engaging larger, well-known third-party service providers with significantly greater cybersecurity capabilities than we possess to monitor cybersecurity events and provide rapid responses to any critical events, including with respect to Managed Detection and Response (MDR) and Endpoint Detection & Response (EDR). Because we rely on their more significant expertise, our ability to identify and remediate weaknesses or vulnerabilities is limited to their services. We have engaged with third parties to assess our cybersecurity defenses biweekly and audit our cybersecurity program. We also conduct annual penetration tests of our information systems via independent third-party cybersecurity experts to evaluate our systems and provide remediation and recommendations to improve our cybersecurity program. We also conduct annual cybersecurity awareness training. We aim to incorporate industry best practices throughout our cybersecurity processes, and our cybersecurity framework leverages internationally recognized standards, including the National Institute of Standards and Technology’s (“NIST”) Cybersecurity Framework. We are compliant with DFARS 252.204-7012 and DFARS 252.204-7020 and have a compliant NIST SP 800-171 self-assessment status. As of the date of this report, we have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. While we believe our cybersecurity program is appropriate for managing constantly evolving cybersecurity risks, no program can fully protect against all possible adverse events. For additional information on these risks and potential consequences if the measures we are taking prove to be insufficient or if our proprietary data is otherwise not protected, see Item 1A. “Risk Factors” in this report.
Company Information
| Name | EMCORE CORP |
| CIK | 0000808326 |
| SIC Description | Semiconductors & Related Devices |
| Ticker | EMKR - Nasdaq |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | September 29 |