XML 36 R23.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We recognize the importance of managing the material risks of cybersecurity threats, and we have implemented processes for identifying and assessing cybersecurity risks and incidents. We have also integrated these processes into our overall risk management system, including senior management’s periodic reviews of cybersecurity risks or threats. Senior management oversees and works closely with our IT department to continuously review and evaluate cybersecurity risks in alignment with our business goals and needs.

With respect to cybersecurity risks and threats, we utilize various third-party consultants and advisors to assist us with regular reviews, internal audits and best practices, including threat prevention and detection, security reviews and enhancements, penetration testing and full scope IT audits. CytoSorbents also has strict processes in place for the review of third-party service providers engaged, including thorough security assessments before engagement and annual monitoring of their IT environments and controls.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have also integrated these processes into our overall risk management system, including senior management’s periodic reviews of cybersecurity risks or threats. Senior management oversees and works closely with our IT department to continuously review and evaluate cybersecurity risks in alignment with our business goals and needs.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our Chief Executive Officer and Chief Financial Officer are primarily responsible for timely updating the Board of Directors and the Audit Committee of the Board of Directors (the “Audit Committee”) about any material cybersecurity incidents or threats or any cybersecurity related issues worthy of their attention.

Our Board of Directors has designated the Audit Committee as the primary committee responsible for reviewing and managing cybersecurity risks and threats at CytoSorbents. The Audit Committee is comprised of members of the Board of Directors with diverse experience in healthcare, finance and information technology, enabling them to effectively oversee cybersecurity risks and threats. Our management team, with assistance from third-party consultants or advisors as appropriate, provides quarterly updates regarding cybersecurity risks and threats to the Audit Committee and ad hoc updates or communications are provided to the entire Board of Directors as needed.

The IT Operations team is primarily responsible for the timely identification, review, severity assessment and management of cybersecurity incidents. In the event of a cybersecurity incident, the IT Department leadership follows the procedures outlined in our Cybersecurity Incident Response Policy and works closely with management to form a Security Incident Response Team comprised of members from the appropriate functional teams. In accordance with this policy, senior management will also communicate the occurrence of any significant cybersecurity incidents to our Board of Directors, Audit Committee and auditors on a timely basis and will keep them informed of the remediation plans and progress.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our Chief Executive Officer and Chief Financial Officer are primarily responsible for timely updating the Board of Directors and the Audit Committee of the Board of Directors (the “Audit Committee”) about any material cybersecurity incidents or threats or any cybersecurity related issues worthy of their attention.
Cybersecurity Risk Role of Management [Text Block]

Our Chief Executive Officer and Chief Financial Officer are primarily responsible for timely updating the Board of Directors and the Audit Committee of the Board of Directors (the “Audit Committee”) about any material cybersecurity incidents or threats or any cybersecurity related issues worthy of their attention.

Our Board of Directors has designated the Audit Committee as the primary committee responsible for reviewing and managing cybersecurity risks and threats at CytoSorbents. The Audit Committee is comprised of members of the Board of Directors with diverse experience in healthcare, finance and information technology, enabling them to effectively oversee cybersecurity risks and threats. Our management team, with assistance from third-party consultants or advisors as appropriate, provides quarterly updates regarding cybersecurity risks and threats to the Audit Committee and ad hoc updates or communications are provided to the entire Board of Directors as needed.

The IT Operations team is primarily responsible for the timely identification, review, severity assessment and management of cybersecurity incidents. In the event of a cybersecurity incident, the IT Department leadership follows the procedures outlined in our Cybersecurity Incident Response Policy and works closely with management to form a Security Incident Response Team comprised of members from the appropriate functional teams. In accordance with this policy, senior management will also communicate the occurrence of any significant cybersecurity incidents to our Board of Directors, Audit Committee and auditors on a timely basis and will keep them informed of the remediation plans and progress.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] IT Operations team
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Audit Committee is comprised of members of the Board of Directors with diverse experience in healthcare, finance and information technology, enabling them to effectively oversee cybersecurity risks and threats.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our management team, with assistance from third-party consultants or advisors as appropriate, provides quarterly updates regarding cybersecurity risks and threats to the Audit Committee and ad hoc updates or communications are provided to the entire Board of Directors as needed.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true