CRAWFORD UNITED Corp 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

CRAWFORD UNITED Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 06:06:52 EST.

Filings

10-K filed on 2025-02-27

CRAWFORD UNITED Corp filed a 10-K at 2025-02-27 06:06:52 EST
Accession Number: 0001437749-25-005328

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY . With the guidance of a qualified third -party that reports to and regularly meets with the Chief Executive Officer, we continue to make improvements in our cybersecurity program throughout our operating companies. We have established processes, consistent with nationally recognized frameworks, for deterring, detecting, evaluating, and responding to potential cybersecurity incidents. Our prevention efforts are multi-faceted, and are intended to address threats to our employees, networks, applications and data. Our third -party advisor has performed cybersecurity risk assessments of our information technology security processes and implemented technologies to lessen risk and respond to new risks as they arise. Using third party services, we monitor, scan, assess, audit, and remediate identified vulnerabilities across our networks, as appropriate. Furthermore, recognizing that our employees are an essential line of defense in cybersecurity, we require employees to participate in ongoing training and testing programs through which we provide education on the risk of potential cybersecurity incidents, methods for identification of such incidents and appropriate responses. Our policies and processes are informed by industry standard practices regarding application security, access management, device protection, network management, and data loss prevention and recovery . Our cybersecurity incident response plan includes retention of external experts for prompt assistance following discovery of any material incident. This cybersecurity incident response plan is part of our ongoing cybersecurity vulnerability management, and we endeavor to maintain appropriate controls to identify, monitor, analyze and address potential cybersecurity incidents, including potential unauthorized access to our networks and applications, along with detection of potential unusual activity within our networks or applications. Any potential cybersecurity incident discovered is promptly reported to the Chief Executive Officer and Chief Financial Officer, and the Audit Committee or the full Board, as appropriate . Our Board of Directors provides oversight of risks from cybersecurity threats, in coordination with our management team and the Audit Committee of the Board. Our Board relies on management to bring significant matters impacting the Company to its attention, including with respect to material risks from cybersecurity threats. Our Audit Committee provides an additional layer of cybersecurity oversight and is responsible for discussing cybersecurity concerns with management (including data privacy risk management) and the steps management has taken to monitor and control such exposures . There have been no cybersecurity incidents which have materially affected us to date, including our business strategy, results of operations or financial condition. However, any future potential risks from cybersecurity threats, including but not limited to exploitation of vulnerabilities, ransomware, denial of service, supply chain attacks, or other similar threats may materially affect us, including our execution of business strategy, reputation, results of operations and/or financial condition. See Item 1A. Risk Factors - “A significant disruption in, or breach in security of, our information technology systems or data could adversely affect our business, reputation and results of operations .”

Company Information