MYOMO, INC. 10-K Cybersecurity GRC - 2025-03-10

Page last updated on March 10, 2025

MYOMO, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-10 16:28:56 EDT.

Filings

10-K filed on 2025-03-10

MYOMO, INC. filed a 10-K at 2025-03-10 16:28:56 EDT
Accession Number: 0000950170-25-036349

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cyber Risk Management and Strategy Our manager of information technology works in conjunction with our third-party managed security service provider to establish and maintain our cybersecurity risk management processes, which are informed by and incorporate elements of recognized industry standards, such as the National Institute of Standards and Technology Cybersecurity Framework. We also leverage our managed security services provider and other third-party consultants , providers, and technologies to support our internal information technology resources to monitor, identify, and address cybersecurity risks, including managing our monitoring and alerting tools and conducting periodic assessments of certain system applications. Further, as part of our cybersecurity risk management, we have adopted an incident response plan that has been designed to identify and manage significant events that may impact our information technology infrastructure, including those arising from or related to cybersecurity threats. We conduct periodic risk assessments of our information technology systems as part of our cybersecurity risk management processes and to evaluate the effectiveness of applicable security controls. Our efforts to address cybersecurity risks also include training employees, both from programs provided by our third-party managed security service provider and internal policies and training, which are designed to increase awareness of cybersecurity threats. We have a process to assess and review the cybersecurity practices of certain third-party vendors and service providers , including through review of applicable certifications and security reports, where available, and contractual requirements, as appropriate. Although risks from cybersecurity threats have to date not materially affected , and we do not believe they are reasonably likely to materially affect, us, our business strategy, results of operations or financial condition, we do, from time to time, experience threats and communicate security incidents relating to our and our third-party vendors’ information systems. For more information please see the section entitled “Risks Related to Cybersecurity and Data Protection” in Item 1A- Risk Factors. Governance Related to Cybersecurity Risks Our cyber risk management program and related operations and processes are directed by our Chief Financial Officer, in consultation with internal information technology resources, other members of senior management and our third-party security managed service provider. The Chief Financial Officer is responsible for identifying, evaluating, and implementing risk management control and methodologies to address any identified risks, including risks from cybersecurity threats, with advice from our third-party managed security service provider as appropriate. The Chief Financial Officer periodically provides reports to the technology, quality and regulatory committee of the board of directors regarding information technology and cybersecurity matters and associated risks. The technology, quality and regulatory committee is responsible for reviewing and overseeing the Company’s risk management process and strategy, including risks from cybersecurity threats. The technology, quality and regulatory committee periodically reports on cybersecurity risk management to the full board of directors.

Company Information