Kun Peng International Ltd. 10-K Cybersecurity GRC - 2025-01-14

Page last updated on January 14, 2025

Kun Peng International Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-14 15:46:22 EST.

Filings

10-K filed on 2025-01-14

Kun Peng International Ltd. filed a 10-K at 2025-01-14 15:46:22 EST
Accession Number: 0001493152-25-002124

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company has adopted a cybersecurity policy (the “Cybersecurity Policy”) governing the establishment and application of certain procedures and safeguards to identify potential cybersecurity risks and, in the event of a cybersecurity breach, the protocol for disclosing to the Securities and Exchange Commission, including possible remedies. The members of the Board of Directors reviews cybersecurity risk as part of our overall risk-management program. This ensures that cybersecurity risk management remains a meaningful priority in our business strategy and operations. Our risk management strategy for cybersecurity generally includes: 1. Identification : We aim to proactively identify the manners in which our business could be materially impacted by cybersecurity risks including: 1. Cybersecurity Incidents - an unauthorized occurrence on or conducted through its information system that jeopardizes the confidentiality, integrity, or availability of its information systems or any information residing therein 2. Cybersecurity Threats - any potential occurrence that may result in an unauthorized effort to adversely affect the confidentiality, integrity, or availability of its information systems or any information residing therein. 74 2. Assessment : We periodically assess our risks relating to cybersecurity threats, including risks relating to our reliance on third parties. In so doing, we consider the likelihood and impact that could result from the manifesting of such risks, together with the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks, together with the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks, including evaluating and if available obtaining cyber liability insurance, and aligning such cyber-risk management policies with the Company’s business needs by integrating cyber-risk analysis into significant business decisions. 3. Management : If deemed appropriate, we design and implement reasonable safeguards to address any identified gaps in our existing processes and procedures, including annual cybersecurity awareness training emphasizing the use of strong passwords on all systems and aligning cyber-risk management policies with the Company’s needs by integrating cyber-risk analysis into significant business decisions and ensuring that the Company’s organization structure supports such cybersecurity goals. 4. Evaluation : If a cybersecurity breach occurs, the Board of Directors and/or the Audit Committee will determine whether the incident or threat is “material” (.i.e. is there a substantial likelihood that a reasonable shareholder would consider it important in making an investment decision or if it would have significantly altered the “total mix” of information made available?), assessing among other factors potential or actual financial impacts, reputational damage, and operational disruptions. 5. Report : Establish and monitor an incident response approach requiring our Chief Financial Officer to report to us, the full Board of Directors, and legal counsel any cybersecurity concerns or events. 6. Disclosure : To ensure compliance with SEC requirements and maintain overall stakeholder confidence in the Company, all material and known facts regarding the cybersecurity breach will be recorded, including their nature, scope, and financial implications; and a Form 6-K will be prepared and filed within four (4) business days after the determination that a “material” cybersecurity incident has occurred. We presently do not engage third parties to assist with evaluating the effectiveness of our risk-management and cybersecurity practices. The Company did not have any material cybersecurity breaches during the year ended September 30, 2024. As soon as the Board of Directors authorizes the creation of an audit committee comprised of our three independent non-executive directors, and adoption of an audit committee charter, the Audit Committee will be the governance body involved in, and ultimately responsible for, cybersecurity oversight. They will generally coordinate with our Chief Financial Officer in this regard. If needed, the full Board would be updated on cybersecurity risks and incidents. As of the date of this Annual Report, the members of the Board of Directors currently None of our directors on the Audit Committee nor our Chief Financial Officer have particular experience in cybersecurity matters. See “Item 10. Directors, Executive Officers and Corporate Governance - Committees of the Board of Directors.” 75

Company Information