Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
---|---|
Dec. 31, 2024 | |
Cybersecurity Risk Management, Strategy, and Governance [Abstract] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
We
maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats.The
underlying processes and controls of the bioAffinity cyber risk management program incorporate recognized best practices and standards
for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity
Framework (“CSF”). In addition, bioAffinity maintains policies over areas, such as information security, access on/offboarding, and access and account management, to help govern the processes put in place by management designed to protect bioAffinity IT assets, data, and services from threats and vulnerabilities. bioAffinity partners with industry-recognized cybersecurity providers leveraging third-party technology and expertise. These cybersecurity partners, including consultants and other third-party service providers, are a key part of bioAffinity’s cybersecurity risk management strategy and infrastructure and provide services including maintenance of an IT assets inventory, periodic vulnerability scanning, identity access management controls including restricted access to privileged accounts, network integrity safeguarded by web-based software, including endpoint protection, endpoint detection and response, and remote monitoring management on all devices, industry-standard encryption protocols, critical data backups, infrastructure maintenance, incident response, cybersecurity strategy, and cyber risk advisory, assessment and remediation. |
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Role of Management [Text Block] |
bioAffinity’s
management team, in conjunction with third-party IT and cybersecurity service providers, is responsible for oversight and administration
of the cyber risk management program and informing senior management and other relevant stakeholders regarding the prevention, detection,
mitigation, and remediation of cybersecurity incidents. Our management team has prior experience selecting, deploying, and overseeing
cybersecurity technologies, initiatives, and processes and relies on threat intelligence as well as other information obtained from governmental,
public, or private sources. The Audit Committee of the Board of Directors oversees bioAffinity cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity stakeholders, including member(s) of management assigned with cybersecurity oversight responsibility and/or third-party consultants providing cyber risk services, brief the Audit Committee on cyber vulnerabilities identified through the risk management process, the effectiveness of the cyber risk management program, and the emerging threat landscape and new cyber risks on at least an annual basis. This includes updates on bioAffinity processes to prevent, detect, and mitigate cybersecurity incidents. In addition, cybersecurity risks are reviewed by our Board of Directors at least annually, as part of the Company’s corporate risk oversight processes. bioAffinity faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows, or reputation. bioAffinity acknowledges that the risk of cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of its business. However, prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations, or cash flows. The Company proactively seeks to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to service delivery; however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject the Company to additional liability and reputational harm. In response to such risks, the Company has implemented initiatives such as implementation of the cybersecurity risk assessment process and development of an incident response plan. For more information on cybersecurity risks see Item 1A. “Risk Factors – Our internal information technology systems, or those of our third-party clinical research organizations or other contractors or consultants, may fail or suffer security breaches, loss or leakage of data, and other disruptions, which could result in a material disruption of our diagnostic tests’ or therapeutic product candidates’ development programs, compromise sensitive information related to our business, or prevent us from accessing critical information, potentially exposing us to liability or otherwise adversely affecting our business.” |
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Audit Committee of the Board of Directors oversees bioAffinity cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. |