CERO THERAPEUTICS HOLDINGS, INC. 10-K Cybersecurity GRC - 2025-04-15

Page last updated on April 15, 2025

CERO THERAPEUTICS HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 16:30:35 EDT.

Filings

10-K filed on 2025-04-15

CERO THERAPEUTICS HOLDINGS, INC. filed a 10-K at 2025-04-15 16:30:35 EDT
Accession Number: 0001213900-25-032134

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have implemented risk management procedures, which include cybersecurity risk management, that are designed to define our corporate risk tolerance and align assumed risks to that tolerance through risk identification, prioritization, assessment, mitigation and planned responses if risk is realized. These elements are applied to cybersecurity as well as other origins of risk. Our cybersecurity risk management procedures are designed to address four key areas: ● Identification of assets at risk from cybersecurity threats ● Identification of potential sources of cybersecurity threats ● Assessment of the status of protections in place to prevent or mitigate cybersecurity threats ● Given that landscape, how to manage cybersecurity risks Our risk assessment and mitigation procedures are centered on three key components: ● identification of risks, which involved input from different groups across our company; ● evaluation of the likelihood of the risks manifesting, the severity of the potential consequences and prioritization of different risk items based on, among other things, importance to the business and cost/benefit analysis to fully address; and ● execution - establishment of a program to address. Our information technology (the “Information Technology Team”) is responsible for monitoring our information systems for vulnerabilities and mitigating any issues. It works with others within our company to understand the severity of the potential consequences of a cybersecurity incident and to make decisions about how to prioritize mitigation and other initiatives based on, among other things, materiality to the business. The Information Technology Team has processes designed to keep us apprised of the different threats in the cybersecurity landscape - this includes working with consultants, discussions with peers at other companies, and reviewing government alerts and other news items. The team also regularly monitors our network(s) to identify security risks. We have an employee education program that is designed to raise awareness of cybersecurity threats to reduce our vulnerability as well as to encourage consideration of cybersecurity risks across functions. We monitor risks through active (e.g., vulnerability scans) and passive (e.g., end-point protection) methods and addresses system alerts on a constant basis. As part of the assessment of the protections we have in place to mitigate risks from cybersecurity threats, we engage third parties to conduct risk assessments on our systems. Before purchasing third-party technology or other solutions that involve exposure to our assets and electronic information, our Information Technology Team performs a review on vendors (evaluating suitability, risk, and impact) before they are approved to work with us. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us , including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors have, from time to time, experienced threats and security incidents relating to our and our third-party vendors’ information systems. See Item 1A “Risk Factors” in this Annual Report on Form 10-K for more information. 97 Cybersecurity Governance Our board of directors has delegated oversight of our enterprise risk management processes, including those relating to cybersecurity risks, to the Audit Committee. Our Chief Financial Officer meets on a periodic basis with the Audit Committee to discuss management’s ongoing cybersecurity risk management procedures. Such discussions address, among other things, the sources and nature of cyber-security risks we face, how management assesses likelihood and severity of the impact of such risks, and progress on any active projects as well any current developments in the cybersecurity landscape. At the Audit Committee’s discretion, material findings may be escalated to the entire board of directors. The chair of the Audit Committee is a Chief Financial Officer with existing cyber-security and risk management responsibilities at a similar public company.

Company Information