QT IMAGING HOLDINGS, INC. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

QT IMAGING HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 08:40:34 EDT.

Filings

10-K filed on 2025-03-31

QT IMAGING HOLDINGS, INC. filed a 10-K at 2025-03-31 08:40:34 EDT
Accession Number: 0001844505-25-000038

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C: Cybersecurity The operation of our business depends on our information technology systems. We rely on our information technology systems to effectively manage sales and marketing data, accounting and financial functions, inventory management, product development tasks, clinical data, customer service and technical support functions. Our information infrastructure and products are vulnerable to cyber-based attacks. We have not incurred such an attack. Cyber-based attacks can include computer viruses, denial-of-service attacks, phishing attacks, ransomware attacks and other introduction of malware to computers and networks; unauthorized access through the use of compromised credentials; exploitation of design flaws, bugs or security vulnerabilities; intentional or unintentional acts by employees or other insiders with access privileges; and intentional acts of vandalism by third parties and sabotage. We have developed and implemented a risk-based program focused on assessing and identifying cybersecurity risks, and managing these risks by taking cybersecurity measures to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management is integrated into our overall risk management framework, and shares common methodologies, reporting channels and governance processes that apply across the risk management program to other legal, compliance, strategic, operational, and financial risk areas. We have engaged an information security consultant to assist in our cybersecurity risk management program. Our Board of Directors is primarily responsible for overseeing and governing our cybersecurity risk management program. The Audit Committee of our Board of Directors is responsible for overseeing management’s processes for identifying and mitigating risks that affect our operations, including cybersecurity risks. Senior leadership regularly briefs the full Board of Directors on our cybersecurity and information security posture and the Audit Committee is to be apprised of cybersecurity incidents deemed to pose a critical risk to our information technology (“IT”) assets or business. We rely upon in-house and third- party cybersecurity vendors to monitor our IT systems and assets and have a governance structure and processes as described above to assess, identify, manage, and report cybersecurity risks. We continue to assess the risks and changes in the cyber environment and invest in enhancements to our cybersecurity capabilities. Although we have not, as of the date of this annual report, experienced a cybersecurity incident that materially affected our business, financial condition and results of operations, we can provide no assurance that we will not experience a material cybersecurity incident in the future.

Company Information