Page last updated on January 29, 2025
Coda Octopus Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-29 07:00:52 EST.
Filings
10-K filed on 2025-01-29
Coda Octopus Group, Inc. filed a 10-K at 2025-01-29 07:00:52 EST
Accession Number: 0001493152-25-004075
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY. Risk Management The Company has designed and implemented processes to identify, address and mitigate risks from cybersecurity threats. Our current processes, which are subject to change as best practices evolve, include: (I) maintenance of cyber security certifications (such as Cyber Essential Plus). The Cyber essential scheme is a certification scheme designed to show that an organization has a minimum level of protection in cyber security through annual assessments to maintain the certification. This certification is issued by third party service providers who review annually the Company’s security controls around its Information Technology Infrastructure (“ITI”) and business practices to determine the Company’s vulnerability to cyber security threats. We also implement all recommendations which may come out of the certification assessments process. (II) As part of our day-to-day management of our business, we perform ongoing monitoring of ITI for access violations to our IT systems, weaknesses, changes or other threats. (III) We actively monitor the bulletins that may be issued by National Cyber Security Bodies, which are a good source of information on current trends and methods relating to cyber-attacks. We review this information and adapt our business practices as may be prudent and feasible. (IV) We have established an internal cross-group committee (Cyber Security Management Committee (“CSMC”) designating the area of cyber security risk management as “business critical”. The CSMC, under the guidance of the Board of Directors, is responsible for the risk management strategy and governance of this critical business area. Under the CSMC, a formal monthly reporting on cyber security related matters has been implemented and this is provided to the Management of Company for ongoing review. The monthly reporting covers: (i) the outcome of random testing designed to identify threats, access violations and risks; (ii) compliance with the Company’s ITI access protocol; (iii) confirmation that in the reporting period that there were no cyber security incidents; (iv) the assessment and identification of any gaps in the Company’s cyber security risk management protocol; and (v) confirmation that we continue to be compliant with our cyber security certifications and no action or omission has caused this certification to be invalid. (V) We run monthly cybersecurity awareness training with our employees, and this is documented in our internal periodic reporting. Governance Our Board of Directors holds oversight over the Company’s cyber security risk management strategy and protocols and has amongst its composition an expert on this subject who has been appointed as having the lead in this area. The Company’s internal CSMC works closely with the Board’s expert appointee. All ITI changes, proposed through the CSMC, are routed through approval processes, and testing before implementation. Our business strategy, results of operations, and financial condition have not been materially affected by risks from cybersecurity threats, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. 20
Company Information
| Name | Coda Octopus Group, Inc. |
| CIK | 0001334325 |
| SIC Description | Search, Detection, Navigation, Guidance, Aeronautical Sys |
| Ticker | CODA - Nasdaq |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | October 30 |