reAlpha Tech Corp. 10-K Cybersecurity GRC - 2025-04-02

Page last updated on April 2, 2025

reAlpha Tech Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-02 06:12:54 EDT.

Filings

10-K filed on 2025-04-02

reAlpha Tech Corp. filed a 10-K at 2025-04-02 06:12:54 EDT
Accession Number: 0001213900-25-027581

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We acknowledge the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. While we are in the process of enhancing our cybersecurity practices, we are committed to continually improving and adapting to evolving threats to maintain a high standard of protection. Managing Material Risks and Integrated Overall Risk Management We have developed and implemented a cybersecurity program that seeks to ensure the confidentiality, integrity , and availability of our information assets, including its critical systems. We use information security management standards like ISO 27001 as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. We are actively integrating cybersecurity risk management into our broader enterprise risk management framework. This integration is designed to promote a company-wide culture of cybersecurity awareness and risk management. Our risk management team, in collaboration with external consultants, is assessing and addressing cybersecurity risks in alignment with our operational and business needs. This ongoing integration ensures that cybersecurity considerations are increasingly embedded in our decision-making processes at every level. Our cybersecurity framework draws upon the National Institute of Standards and Technology (“NIST”) cybersecurity framework, which provides guidance for identifying, assessing, and managing cybersecurity risks. While we are in the early stages of fully implementing this framework, we are committed to following its principles as we strengthen our cybersecurity measures to protect both our digital and physical assets. Engage Third-parties on Risk Management Recognizing the evolving nature of cybersecurity threats, we have been engaging with external experts, including cybersecurity assessors, consultants, and auditors, to assess and enhance our risk management systems. These third parties are assisting us with evaluating our cybersecurity posture, recommending improvements, and advising on the implementation of best practices. As we progress, we will continue leveraging these external insights to enhance our cybersecurity strategies and ensure alignment with industry standards. Oversee Third-party Risk We understand the potential risks associated with third-party service providers, and we are working on implementing stronger oversight processes. While we have initiated security assessments for our third-party providers, we are in the process of enhancing these efforts to include more frequent evaluations and ongoing monitoring. This will help mitigate the risk of security incidents originating from third parties. Risks from Cybersecurity Threats To date, we have not encountered cybersecurity incidents that have materially impaired our operations or financial position. However, we are proactively preparing for the possibility of cybersecurity risks, ensuring that our systems are protected against potential threats in the future. 45 Governance Our board of directors understands the critical nature of cybersecurity and is closely involved in overseeing our efforts to mitigate cybersecurity risks. We are in the process of formalizing governance structures and oversight mechanisms to ensure that these risks are managed effectively, with the aim of strengthening our operational integrity and enhancing stockholder confidence. Management’s Role Managing Risk The Chief Executive Officer (“CEO”), Chief Operating Officer (“COO”), and Chief Financial Officer (“CFO”) are actively involved in managing cybersecurity risks. They receive regular updates, which include an overview of the current cybersecurity landscape, the status of ongoing initiatives, and compliance with regulatory requirements. We are establishing structured processes for ongoing communication among the executive team to ensure they remain informed and involved in key cybersecurity decisions. Risk Management Monitoring We are committed to monitoring cybersecurity risks and are in the process of implementing enhanced monitoring systems. With the assistance of cybersecurity consultants, we are refining our cybersecurity policies and controls, including regular audits and the deployment of advanced security measures such as Multi-Factor Authentication (“MFA”) and stronger email filtering protocols. In addition, we are continuing to develop incident response plans, communication protocols, and disaster recovery plans to be prepared for any potential cybersecurity incidents. Security Training We are providing cybersecurity training to our employees and plan to continue enhancing this program on an ongoing basis. Regular updates and internal campaigns will ensure that our employees are well-prepared to identify and respond to cybersecurity threats in an effective manner. Reporting to Board of Directors The COO regularly informs the CEO and CFO on cybersecurity risks and initiatives. Significant cybersecurity matters will be escalated to the audit committee for review, where management will provide detailed updates on risk assessments, incident response, and the effectiveness of our cybersecurity strategies. The audit committee will continue to evaluate the progress of our cybersecurity initiatives and offer guidance to help strengthen our efforts.

Company Information