Glucotrack, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Glucotrack, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 17:20:10 EDT.

Filings

10-K filed on 2025-03-31

Glucotrack, Inc. filed a 10-K at 2025-03-31 17:20:10 EDT
Accession Number: 0001641172-25-001861

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. The Company considers its primary cybersecurity risks to be theft of intellectual property, theft of other business data, fraud or extortion, lack of access to its information systems, harm to employees, harm to business partners, violation of privacy laws, potential reputational risk, and litigation or other legal risk if a cybersecurity incident were to occur. It is difficult to assign a monetary materiality assessment to these risks or to the impact if the Company were to sustain a breach of its systems. The Company’s approach to cybersecurity is based on the premise that any cybersecurity incident could result in material harm to the Company. We have a cybersecurity and risk management processes in place to oversee risks associated with cybersecurity and respond to emerging threats in a timely and effective manner. We monitor our systems to assess cybersecurity risks and threats. Managing Material Risks & Integrated Overall Risk Management We have integrated cybersecurity risk management into our broader risk management framework. This integration ensures that cybersecurity considerations are an integral part of our decision-making process. We conduct annual risk assessments and quarterly vulnerability scans of risks posed by cybersecurity threats in conjunction with our insurance renewal cycles. As a result of these assessments, we have implemented technical, administrative, and, where appropriate, physical controls and practices to proactively monitor our systems and user accounts including, but not limited to, deploying solutions to constantly monitor users accessing systems, implementation of two factor authentication for logins, and improved rules for password maintenance . Like many companies, we make use of cloud-based solutions provided by several large service providers for critical information technology infrastructure such as email and file storage. We do not maintain stand-alone servers for our email, file storage or other business applications. In the normal course of our relationships with the providers of these services, we regularly monitor their message boards and other formal and informal communications channels for signs of breaches of their systems. We also survey available public information for indications that they have suffered a breach of their systems. Engage Third Parties on Risk Management Our Audit Committee has been designated with oversight responsibility for cybersecurity risks and our Chief Financial Officer is responsible for managing our efforts in this area. Neither the Chief Financial Officer nor any member of the Audit Committee has relevant expertise in cybersecurity. Recognizing the complexity and evolving nature of cybersecurity threats, the Company has retained an third-party technical expert to support its information technology systems including addressing cybersecurity risks. This relationship enables us to leverage specialized knowledge and insights, to ensure our cybersecurity strategies and processes are aligned with industry best practices. Oversee Third Party Risk We utilize various third-party software applications in the functioning of our core business. We conduct assessments of all third-party providers and maintain ongoing reviews to ensure compliance with our cybersecurity standards. Our assessment of risks associated with the use of third-party providers is part of our overall cybersecurity framework . In addition, some of our business partners also maintain data related to our trials and ongoing product development on servers they maintain. We require these partners to comply with all HIPAA standards for maintaining security of their systems where this data resides. 29 Risks from Cybersecurity Threats We face risk from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. For more information about the cybersecurity risks we face, see the risk factor entitled " Security threats to our information technology infrastructure could expose us to liability and damage our reputation and business ." in Item 1A., Risk Factors . Governance Our Board of Directors is aware of the critical nature of managing risks associated with cybersecurity threats, and recognizes the significance of these threats to our operational integrity and stockholder confidence. Risk Management Personnel We utilize an out-sourced information technology (IT) network and cybersecurity compliance service provider, Windstar Technologies, Inc. (“Windstar”) Windstar, under the supervision of our Chief Financial Officer, is responsible for developing and implementing our information security program. Windstar provides managed IT network and cloud services, network, cyber and web security services, cyber risk audits and compliance and penetration testing assessments. Board of Directors Oversight Our Board is aware of the critical nature of managing risks associated with cybersecurity threats, and recognizes the significance of these threats to our operational integrity and stockholder confidence . The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain . Management’s Role Managing Risk and Reporting to the Board We do not currently have an employee who has significant and demonstrated professional IT management experience. Presently, our Chief Financial Officer with assistance from our third-party IT services provider, Windstar, are primarily responsible for informing the Audit Committee regarding cybersecurity risks. They provide briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year . In addition to scheduled meetings, the Audit Committee and the Chief Financial Officer maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the Board’s oversight is proactive and responsive. This involvement ensures that cybersecurity considerations are integrated into the Company’s broader strategic objectives and helps in identify areas for improvement, ensuring the alignment of cybersecurity efforts with the overall risk management framework.] To date, we have not experienced any previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition.

Company Information