zSpace, Inc. 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 28, 2025

zSpace, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 18:21:08 EDT.

Filings

10-K filed on 2025-03-27

zSpace, Inc. filed a 10-K at 2025-03-27 18:21:08 EDT
Accession Number: 0001558370-25-003867

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have adopted processes for assessing, identifying, and managing material risks from cybersecurity threats as part of our implementation of the NIST Cybersecurity Framework (CSF) 2.0. These processes are integrated into our overall risk management approach, as overseen by our board of directors, primarily through its audit committee. We do not regularly engage third-party consultants, legal advisors, or audit firms in connection with such processes. However, our processes include overseeing and identifying risks from cybersecurity threats associated with the use of various other third-party service providers. We conduct assessments of certain third-party providers before engagement and have established procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. We also continue to provide our employees with cybersecurity and data protection training to support our risk mitigation efforts. Governance Board of Directors The audit committee of our board of directors is responsible for, among other things, reviewing and discussing with management and the internal audit group management’s risk assessment and risk management policies, including cybersecurity risks. The audit committee would be informed of material risks from cybersecurity threats pursuant to the escalation criteria as set forth in our NIST CSF 2.0 procedures. Management Under the oversight of the audit committee of our board of directors, and as directed by our Chief Executive Officer, our Chief Information Security Officer (“CISO”) is primarily responsible for the assessment and management of material cybersecurity risks. The CISO has over 25 years of experience in information security, risk management, and compliance, has served as the President and CEO at other organizations with cybersecurity responsibility. The CISO is also supported by a group of internal stakeholders, which is comprised of certain members of senior management and provides cross-functional support for cybersecurity risk management and facilitates the response to any cybersecurity incidents. The CISO oversees our cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. The CISO also coordinates with our legal counsel and, if necessary, third parties, such as consultants and legal advisors, to assess and manage material risks from cybersecurity threats. The CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in our incident response plan and related processes. The CISO, or a delegate, informs the audit committee of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in our incident response plan and related processes. The audit committee is also responsible for advising our Chief Executive Officer and Chief Financial Officer regarding cybersecurity disclosures in public filings. The CISO also notifies the audit committee chair of any material cybersecurity incident. As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition. For further discussion of the risks associated with cybersecurity incidents, see the cybersecurity risk factor titled “Any interruptions in our operations due to cyberattacks or to our failure to maintain adequate security and supporting infrastructure as we scale, could damage our reputation, business, operating results, and financial condition.” in the section entitled “Item 1A. Risk Factors” in Annual Report on Form 10-K.

Company Information