ZYNEX INC 10-K Cybersecurity GRC - 2025-03-11

Page last updated on March 11, 2025

ZYNEX INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-11 16:45:24 EDT.

Filings

10-K filed on 2025-03-11

ZYNEX INC filed a 10-K at 2025-03-11 16:45:24 EDT
Accession Number: 0001558370-25-002717

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Managing Material Risks & Integrated Overall Risk Management We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our management team works closely with our IT department to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. We have processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things: annual and ongoing security awareness training for employees; mechanisms to detect and monitor unusual network activity; and containment and incident response tools. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. We monitor issues that are internally discovered or externally reported that may affect our systems, and have processes to assess those issues for potential cybersecurity impact or risk. We conduct periodic assessments and testing of our policies, standards, processes, and practices in a manner intended to address cybersecurity threats and events. The results of such assessments, audits, and reviews are evaluated by management, and we adjust our cybersecurity policies, standards, processes, and practices as necessary based on the information provided by these assessments, audits, and reviews. We are establishing incident response, business continuity, and disaster recovery plans designed to more formally address our response to a cybersecurity incident. Oversee Third-party Risk Because we are aware of the risks associated with third-party service providers, we have implemented stringent processes to oversee and manage these risks. We conduct basic security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes annual assessments of the System and Organization Controls (SOC) reports of our providers and implementing complementary controls. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third-parties. Additionally, the Company leverages a number of third-party tools and technologies as part of its efforts to enhance cybersecurity functions, such as a managed security service provider to augment the Company’s incident response team, an endpoint detection and response system for continuous monitoring, detection, and response capabilities, and a security information and event management solution to automate real-time threat detection, investigation, and prioritization of high-fidelity alerts. Governance Our board of directors is responsible for overseeing our risk management program and cybersecurity is an element of this program. Our cybersecurity risk assessment and management efforts are led by our Director of Information Technology , who is responsible for implementing and overseeing processes for the monitoring of our information systems. This includes responsibility for the deployment of cybersecurity measures and system audits to identify potential cybersecurity vulnerabilities. Our Director of Information Technology reports directly to our COO. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing.

Company Information