CALLAN JMB INC. 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 28, 2025

CALLAN JMB INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 16:57:18 EDT.

Filings

10-K filed on 2025-03-28

CALLAN JMB INC. filed a 10-K at 2025-03-28 16:57:18 EDT
Accession Number: 0001641172-25-001249

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We recognize the importance of safeguarding the security of our computer systems, software, networks, and other technology assets. We have implemented and maintain a security risk management program that is designed to preserve the confidentiality, integrity, and continued availability of information under our ownership or care with the aim to continually improve security features in order to keep pace with the evolving cyber threat landscape. We face a number of cybersecurity risks in connection with our business and recognize the growing threat within the general marketplace and our industry. Although such risks have not materially affected us, including our business strategy, results of operations or financial condition, to date, we and our vendors have, from time to time, experienced threats to and breaches of our data and systems. For more information about the cybersecurity risks we face, refer to Part I, Item 1A, Risk Factors of this annual report. Risk Management and Strategy We have implemented internal controls including regular risk assessments designed to address financial, operational and information technology (including cybersecurity) risks and controls across our organization. These assessments are overseen by our Director of IT. We implement cybersecurity controls and procedures designed to address cyber risks and threats, supported by third-party technologies and security advisors and providers. We also provide cybersecurity awareness training to our employees during the onboarding process and periodically thereafter. In addition, we engage external third-party information security consultants to periodically conduct information security testing and assessments, and to evaluate our overarching information security program and specific incident response procedures. We also maintain a Cyber Incident Response Plan, which is overseen by our Director of IT and is designed to coordinate our response to information security incidents. Finally, we hold and maintain third-party insurance coverage for cybersecurity risks commensurate with industry standards for a company of our size and stage. 25 Cybersecurity Oversight Our board of directors (the “Board”) considers cybersecurity risk as part of its risk oversight function. While delegated to the Audit Committee, the Board directly oversees management’s implementation of our cybersecurity risk management program. The Board receives regular reports from management on our cybersecurity risks. In addition, management updates the Board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. Board members receive presentations on cybersecurity topics from our Chief Information Officer . Our management team, including our Director of IT, is responsible for assessing and managing our material risks from cybersecurity threats. Our Director of IT has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our consultant’s experience includes over 15 years of design, implementation and management of cyber-security programs at various levels and organizations . Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the IT environment.

Company Information