Item 1. Business
Forward Looking Statements
This annual report contains forward-looking statements. These statements relate to future events or our future financial performance. In some cases, you can identify forward-looking statements by terminology such as “may”, “should”, “expects”, “plans”, “anticipates”, “believes”, “estimates”, “predicts”, “potential” or “continue” or the negative of these terms or other comparable terminology. These statements are only predictions and involve known and unknown risks, uncertainties and other factors, including the risks in the section entitled “Risk Factors” that may cause our or our industry’s actual results, levels of activity, performance or achievements to be materially different from any future results, levels of activity, performance or achievements expressed or implied by these forward-looking statements.
Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, performance or achievements. Except as required by applicable law, including the securities laws of the United States, we do not intend to update any of the forward-looking statements to conform these statements to actual results.
Our financial statements are stated in United States Dollars (US$) and are prepared in accordance with United States Generally Accepted Accounting Principles.
In this annual report, unless otherwise specified, all dollar amounts are expressed in United States dollars and all references to “common shares” refer to the common shares in our capital stock.
As used in this current report and unless otherwise indicated, the terms “we”, “us” and “our” mean Sirrus Corp., and our wholly-owned subsidiary, Sirrus Security, Inc. an Georgian corporation, unless otherwise indicated.
General Overview
We were incorporated under the laws of the State of Nevada on May 7, 2014. Our original business plan was to seek to engage in the designing, marketing and distribution of electronic cigarettes (“e-cigarette”) in East Africa.
On October 14, 2016, the Company, Ahmed Guled (the “Selling Stockholder”) and Linux Labs Technologies, Inc., a Georgia corporation entered into a Stock Purchase Agreement, dated October 14, 2016. Ms. Sparrow Marcioni and Mr. Steven James share voting and dispositive control over Linux Labs on a 50/50 basis.
Pursuant to the Purchase Agreement, Linux Labs purchased 25 million shares of common stock of the Company held by the Selling Stockholder, representing approximately 69.90% of the issued and outstanding shares of the Company's common stock, and the Indebtedness (as defined below) in consideration for an aggregate purchase price of $50,000, consisting of $10,000 in cash and $40,000 evidenced by a promissory note, dated October 14, 2016, in the principal amount of $40,000, bearing interest at the rate of 6% per annum, maturing on April 14, 2017 and secured by the Shares pursuant to a Stock Pledge Agreement dated October 14, 2016 between the Linux Labs and the Selling Stockholder. Pursuant to the Stock Purchase Agreement, $40,000 of the purchase price was allocated to the shares and $10,000 was allocated to purchase of the Indebtedness.
Pursuant to a Debt Purchase Agreement, dated October 18, 2016, among the Company, Selling Stockholder and Linux Labs, Linux Labs purchased indebtedness owed the Selling Stockholder by the Company.
Upon the consummation of the Stock Purchase Agreement and the transactions contemplated thereby, there was a change in control of the Company.
As of October 14, 2016, a change of control of the Company occurred, new management was appointed and on October 18, 2016, the Company established a new wholly owned subsidiary, Sirrus Security Inc., a Georgia corporation. With the change of control and the formation of a wholly-owned subsidiary, the Company will now focus on cyber security.
On April 26, 2017, Sirrus Security, Inc. (“Sirrus Security”), a Georgia corporation and wholly-owned subsidiary of the Company entered into an Independent Contractor Agreement with American Academy Holdings LLC, a North Carolina limited liability company d/b/a Healthicity (“Healthicity”), pursuant to which Healthcity engaged Sirrus Security to perform the following services to Healthicity and its clients, including, but not limited to the following:
|
1.
|
Penetration Testing
: Network Discovery, exploration, vulnerability Assessment & Reporting.
|
|
2.
|
Risk Analysis
: Technical Assessment and configuration review and Security Testing and Evaluation
|
After the in-depth penetration and risk analysis, Sirrus Security will provide key findings to Healthicity, including a high level overview, an inventory of identified systems, ports, software versions, and vulnerabilities that may pose a risk, and a detailed report containing serious vulnerabilities with impacts, descriptions, and recommendations.
Healthicity may terminate the agreement at any time without cause effective upon five (5) working days' prior written notice to Sirrus Security. In addition, Healthicity may terminate the agreement effective immediately if Sirrus Security is convicted of any crime or offense, fails or refuses to comply with the written policies or reasonable directive of Healthicity, is guilty of serious misconduct in connection with performance hereunder, violates HIPAA Privacy or materially breaches provisions of this agreement.
Under the Agreement, in connection with the services, Sirrus Security will have responsibilities with respect to the Use and/or Disclosure of Protected Health Information (“PHI”) as mandated by the Privacy Standards (45 C.F.R. Parts 160 and 164), Electronic Transactions Standards (45 C.F.R. Parts 160 and 162), and Security Standards (45 C.F.R. Parts 160, 162 and 164) promulgated under the Administrative Simplifications subtitle of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as well as the data breach notification requirements as promulgated under the American Recovery and Reinvestment Act of 2009 (“ARRA”).
The Company is currently evaluating the potential future economic benefit of the agreement and has yet to determine an accurate estimate of future revenues associated with the agreement. No revenues have been earned to date.
The agreement is still in effect as of the date of this filing, and the Company is continuing to work with the partner to complete the expected goals of the agreement.
On May 8, 2017, Sirrus Security, entered into a Strategic Partnership Agreement with RelifyTime, LLC, a Nevada limited liability company ("Relify"), pursuant to which Relify has engaged Sirrus Security to develop and design a software applications program and hosting platform to be known as "Relify Time".
As consideration for the development and use of the product, Relify has agreed to pay Sirrus Security a royalty fee in an amount equal to 40% of the gross profit (gross sales less cost of goods sold), commencing on the date when Relify first sells licensed services incorporating the Product until an aggregate of $500,000 has been paid to Sirrus Security.
During the royalty period, Sirrus Security will provide maintenance and support for product. Any support and maintenance services, updates, versions or new releases after the expiration of the royalty period shall be contracted under a separate agreement between the parties to be executed no later than 30 days prior to the end of the royalty period.
At any time during the term of the agreement and up to one year thereafter, if Relify decides to sell the product to a third party, Sirrus Security will have a 30-day right of first refusal to acquire the product from Relify. At any time during the term of the agreement and one year thereafter, Relify shall grant Sirrus Security the right of first refusal for any financing transaction, expiring 14 days after notice is given.
Upon the completion of the royalty period, all intellectual property rights developed by Sirrus Security in connection with the provision of the services to Relify under the Agreement, or jointly by Sirrus Security or Relify, or by Sirrus Security pursuant to the specifications or instructions provided by Relify, shall belong exclusively to Relify. All pre-existing intellectual property rights shall remain the sole property of Sirrus Security. Notwithstanding anything contained in the Agreement, Sirrus Security shall be free to use any ideas, concepts, or know-how developed or acquired by Sirrus Security during the performance of the agreement to the extent obtained and retained by Sirrus Security’ personnel.
The agreement is still in effect as of August 31, 2017, and the Company is continuing to work with the partner to complete the expected goals of the agreement.
The term of the agreement continues until the completion of the Royalty Period. The agreement may be terminated by either party upon written notice to the other, if the other party breaches any material obligation under the agreement and fails to cure such breach within 30 days of receiving notification. In the case of a termination of the agreement, Relify has agreed to pay Sirrus Security for all services rendered and work performed up to the effective date of the termination.
The agreement also contains customary indemnification and confidentiality provisions. Neither party may assign its rights or obligations under the agreement without the prior written consent of the other party.
We have not declared bankruptcy, been involved in receivership or any similar proceeding.
Our office is located at 11340 Lakefield Drive, Suite 200, Johns Creek GA 30097 and our telephone number is (888) 263-7622. Our registered statutory office is located at 711 S. Carson Street, Suite 6, Carson City, Nevada 89701, (775) 882-4641. We do not own any property.
Description of Business
We are a start-up company incorporated in the State of Nevada on May 7, 2014. Our previous business was to seek to engage in the designing, marketing and distribution of electronic cigarettes (“e-cigarette”) in East Africa.
As of October 14, 2016 a change of control of the Company occurred, the Company now focuses on cyber security.
The internet and digital cyber world are dramatically transforming the way individual organizations use and interact with data. Cyber risk is only increasing.
Sirrus provides security technology products and services to help companies protect their assets and information. Sirrus is primarily focused on providing services to healthcare companies in the United States, which are required to be in compliance with government regulations such as Health Insurance Portability and Accountability Act ("HIPAA").
Our solutions provide organizations with various capabilities to search, analyze, and collect data and remediate problems. We are transitioning our business direction to enable Sirrus to become an industry leader in cyber security.
Mission Statement
Sirrus is on a mission to deliver impeccable cyber security solutions to its customers.
We are living in a world that has evolved and embraced the integration of technology in nearly every aspect of our daily lives. What this means is that companies that are facilitating our lifestyles are coming into possession of sensitive, personal and classified data. As technology evolves so do the hackers and their attacks which are becoming more sophisticated by the day. Organizations that previously required either no data protection or just very little of it are now facing the task of adapting and fighting off these attacks in order to ensure the security of all the data they collect and hold.
The Sirrus mission was crafted around a goal to assist clients and partners with navigating the exceedingly complex issues of corporate security through comprehensive penetration testing and network scanning, followed by design and implementation, utilizing their proprietary products and services.
Sirrus has developed their security solutions to be unintimidating, reasonably priced and most are offered as fully managed services including real-time monitoring with regularly scheduled security scans to ensure the integrity of their client’s security protocols.
Sirrus has no sales to date in the cyber security market but is focused on launching their services and products in the near future and around their strategy of rapidly building and launching new security technology.
Sirrus will be generating sales as it works closely with organizations called managed security providers (“MSP’s”) and security consultants as their distribution and sales component.
Our Core Business - Cyber Security Services for the Healthcare Industry
Sirrus is primarily focused on providing services to healthcare companies in the United States, which are required to be in compliance with government regulations such as HIPAA.
The Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
The Following is an overview of the security rule of HIPAA:
On September 23, 2013, all companies that provide medical services and those vendors who support will be required to comply with the HIPAA established “Security Rule” to protect electronic files (e-PHI). Some of the requirements for maintaining HIPPA compliance include:
|
·
|
Annual Risk Analysis
|
|
·
|
Maintaining log files for all access to e-PHI documents
|
|
·
|
Maintain continuous, reasonable, and appropriate security protections
|
|
·
|
Evaluate the likelihood and impact of potential risks to e-PHI
|
|
|
(See Section 1A for definitions of HIPAA Security Rule.)
|
HIPAA Background:
Section 1-A) Defining the HIPPA “Security Rule”
|
·
|
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.
|
Specifically, covered entities must:
|
1.
|
Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
|
|
2.
|
Identify and protect against reasonably anticipated threats to the security or integrity of the information;
|
|
3.
|
Protect against reasonably anticipated, impermissible uses or disclosures; and
|
|
4.
|
Ensure compliance by their workforce.
|
The Security Rule defines “confidentiality” to mean that e-PHI is not available or disclosed to unauthorized persons. The Security Rule's confidentiality requirements support the Privacy Rule's prohibitions against improper uses and disclosures of PHI. The Security rule also promotes the two additional goals of maintaining the integrity and availability of e-PHI. Under the Security Rule, “integrity” means that e-PHI is not altered or destroyed in an unauthorized manner. “Availability” means that e-PHI is accessible and usable on demand by an authorized person.
U.S. Department of Health and Human Services recognizes that covered entities range from the smallest provider to the largest, multi-state health plan. Therefore the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity’s business, as well as the covered entity’s size and resources.
Therefore, when a covered entity is deciding which security measures to use, the Rule does not dictate those measures but requires the covered entity to consider:
|
o
|
Its size, complexity, and capabilities,
|
|
o
|
Its technical, hardware, and software infrastructure,
|
|
o
|
The costs of security measures, and
|
|
o
|
The likelihood and possible impact of potential risks to e-PHI.
|
Covered entities must review and modify their security measures to continue protecting e-PHI in a changing environment.
Risk Analysis and Management
|
·
|
The Administrative Safeguards provisions in the Security Rule require covered entities to perform risk analysis as part of their security management processes. The risk analysis and management provisions of the Security Rule are addressed separately here because, by helping to determine which security measures are reasonable and appropriate for a particular covered entity, risk analysis affects the implementation of all of the safeguards contained in the Security Rule.
|
|
|
|
|
·
|
A risk analysis process includes, but is not limited to, the following activities:
|
|
o
|
Evaluate the likelihood and impact of potential risks to e-PHI;
|
|
o
|
Implement appropriate security measures to address the risks identified in the risk analysis;
|
|
o
|
Document the chosen security measures and, where required, the rationale for adopting those measures; and
|
|
o
|
Maintain continuous, reasonable, and appropriate security protections.
|
|
·
|
Risk analysis should be an ongoing process, in which a covered entity regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI.
|
Administrative Safeguards
|
·
|
Security Management Process
. A covered entity must identify and analyze potential risks to e-PHI, and it must implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level.
|
|
|
|
|
·
|
Security Personnel.
A covered entity must designate a security official who is responsible for developing and implementing its security policies and procedures.
|
|
|
|
|
·
|
Information Access Management.
Consistent with the Privacy Rule standard limiting uses and disclosures of PHI to the "minimum necessary," the Security Rule requires a covered entity to implement policies and procedures for authorizing access to e-PHI only when such access is appropriate based on the user or recipient's role (role-based access).
|
|
|
|
|
·
|
Workforce Training and Management.
A covered entity must provide for appropriate authorization and supervision of workforce members who work with e-PHI.A covered entity must train all workforce members regarding its security policies and procedures, and must have and apply appropriate sanctions against workforce members who violate its policies and procedures.
|
|
|
|
|
·
|
Evaluation
. A covered entity must perform a periodic assessment of how well its security policies and procedures meet the requirements of the Security Rule.
|
Physical Safeguards
|
·
|
Facility Access and Control.
A covered entity must limit physical access to its facilities while ensuring that authorized access is allowed.
|
|
·
|
Workstation and Device Security.
A covered entity must implement policies and procedures to specify proper use of and access to workstations and electronic media. A covered entity also must have in place policies and procedures regarding the transfer, removal, disposal, and re-use of electronic media, to ensure appropriate protection of electronic protected health information (e-PHI).
|
Technical Safeguards
Access Control.
A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected assets.
Audit Controls.
A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI. Maintaining log files is required.
Integrity Controls.
A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.
Transmission Security.
A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.
Medical device cyber security is a major issue today as security breaches become more sophisticated and common, costing healthcare businesses more and more money. In order to protect the industry, medical devices, equipment and data has to be protected. To do so we believe preemptive actions are required.
Sirrus provides tangible, provable network protection that keeps companies in compliance with privacy and HIPPA regulations for data storage and management in real time.
We plan to establish and grow our core business through our Penetration Testing Services, Security Navigator Consulting Services, and the use of or Medlock Scanning Device.
We believe internal and external, automated scanning maintains compliance via proprietary digital marking, tracking and archiving, all customized for each company’s needs.
Our Products and Services
Penetration Testing Services
Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Penetration testing and network scans are the core of network-based security and our security engineers are experts in this field.
Most of our anticipated security contracts will begin with penetration testing. Upon completion of our Penetration Testing Services we will create solutions under our Security Navigator Consulting Services to clients to keep the “bad boys” out of client networks while also monitoring those who have authorized access.
Security Navigator Consulting Services
Sirrus will provide to end user clients consulting services to customize security programs and platforms to keep their networks and data safe.
Our services consultants help in the design of deployment of our products and work closely with end-client engineers, managers and other project team members to implement our products and services according to design.
Medlock and Trust Lock Scanning Devices
The next products in the Sirrus product and services line are MedLock and TrustLock network scanning devices.
MedLock and TrustLock network appliances and services are valuable to any corporation that wishes to maintain established security protocols for their data files and network devices. Sales and marketing efforts will be focused initially for Medlock on companies required to maintain HIPPA standards or other regulatory requirements. TrustLock devices and services are designed and aimed at customers outside of the healthcare industry such as finance companies. Thus the Company plans for the medical and finance fields to be pursued initially.
These devices reside inside the client’s network and perform preprogrammed network scans, then store and forward log files for future verification of designated events as well as detecting wireless and other unauthorized network access. These devices are also utilized outside client’s networks to provide scheduled external scanning and breach detection from the Sirrus data center.
This external service called MedLock Secure Scan is offered as a managed service and includes written reports on levels of security maintained or severity of breach should one be detected. This service will be sold through MSP’s primarily as a sales tool for them to sell the SecNav security services.
MedLock Secure Scan - Turnkey Security Scanner for Monitoring HIPAA Compliant Companies
Sirrus is designing the MedLock Secure Scan to address the complicated issues involved in maintaining HIPPA compliance.
|
·
|
The Medlock device is preprogrammed before installation to address requirements medical related businesses must maintain to remain HIPPA compliant.
|
|
|
|
|
·
|
The MedLock Security Scanner searches your network for unauthorized access points and devices while logging activity thus locating potential network vulnerabilities.
|
|
|
|
|
·
|
The reports generated by the MedLock device, which are reviewed by highly trained security professionals for problems that are potentially critical in nature, are then submitted for review by the company’s security official.
|
|
|
|
|
·
|
Companies with the MedLock Secure Scanner installed in their network by security professionals, demonstrate with provable results that the company is following the HIPPA guidelines and that they are maintaining those guidelines by reviewing monthly reports and taking corrective action when necessary. Additional logging of all access to a company’s e-PHI documents provides an electronic tracer establishing who has had access and when, if a breach occurs.
|
|
|
|
|
·
|
Installing the MedLock Secure Scan may begin with a simple scan to determine placement and configuration or a complete turnkey Vulnerability Assessment.
Once installed, the MedLock Secure Scan connects to the Sirrus secure servers located in a private data center to establish both internal and external vulnerability scanning.
Monthly reports are reviewed and submitted with easy to understand notations to determine if action if required. (Multiple devices may be required for large or diversified networks)
|
LightsOut Physical Security Device
LightsOut is a mobile security device and system, which is applicable for any place valuable items are kept where power and or Internet are not available. This includes empty rental properties and construction sites to prevent vandalism, boats, storage facilities, even locations where individuals are storing emergency supplies and valuables.
The LightsOut solution uses a hardware and software together to provide security monitoring to consumers and businesses.
The all in one hardware device, which consists of a core technology based on the miniature Arduino platform, includes motion sensors, smoke detectors, access control and it can run up to 30 days on battery power alone. These tiny systems notify the system administrator of any preprogrammed alert via cell, email or text.
LightsOut includes a monthly monitoring fee, which becomes a recurring revenue stream for the product line.
Time Services
To complement our other products and services our company is currently developing time verification services and partnerships to provide verifiable time stamping which would constantly verify the accuracy of certain events with the NIST time servers.
MARKET, INDUSTRY AND OTHER DATA
Unless otherwise indicated, information contained in this report concerning our industry and the markets in which we operate, including our general expectations and market position, market opportunity and market size, is based on information from various sources, on assumptions that we have made that are based on those data and other similar sources and on our knowledge of the markets for our services. These data involve a number of assumptions and limitations. We have not independently verified the accuracy of any third party information. In addition, projections, assumptions and estimates of our future performance and the future performance of the industry in which we operate is necessarily subject to a high degree of uncertainty and risk due to a variety of factors, including those described elsewhere in this report. These and other factors could cause results to differ materially from those expressed in the estimates made by the independent parties and by us.
Our Market Opportunity
Global Growth
We believe that the security market is in the midst of a significant transition as organizations are investing in a new generation of security solutions to help protect them against today’s sophisticated and targeted cyber threats from both external attackers and malicious insiders. Gartner estimates that by 2020, 60% of enterprise information security budgets will be allocated to rapid detection and response approaches, up from less than 10% in 2014. Recognizing that traditional perimeter-based threat protection solutions are not sufficient to protect against today’s advanced cyber threats, enterprises are investing in security solutions within the datacenter to protect the inside of their networks. According to a 2012 report by International Data Corporation (IDC), worldwide spending on datacenter security solutions was $10.7 billion in 2011 and is expected to grow to $16.5 billion by 2016, representing a compound annual growth rate of 9.3%. According to the same report, worldwide spending for IT security solutions was $28.4 billion in 2011 and is expected to grow to $40.8 billion in 2016, representing a compound annual growth rate of 7.6%.
According to the cybersecurityventures.com cyber security market report:
|
·
|
Worldwide cybersecurity market grew from $3.5 billion in 2004 to $75 billion in 2015, forecasted to reach $170 billion by 2020.
|
|
·
|
The global cybersecurity market has grown approximately 35 times over the past 13 years. It is predicted to continue growing over the time to come and reach a staggering $170 billion by 2020. “
|
|
·
|
The United States is increasing it spending on cybersecurity from $14 billion in 2016 to $19 billion in 2017 which is over 35%
|
BUSINESS STRATEGY AND OPERATIONS
Customers
We typically sell our security products and services to channel partners such as MSP’s, who in turn sell to end users of various sizes and, at times, we also sell directly to end users, especially for our products such as LightsOut. Our end users include individuals small businesses, large enterprises, government organizations, and service providers, across a wide range of industries, including telecommunications, technology, government, financial services, education, retail, manufacturing and healthcare.
Sales and Marketing
We typically sell our security solutions to channel partners such as MSP’s, who in turn sell to end-customers.
Our main sales and marketing focus will be for our Penetration Testing Services and Medlock Secure Scan. The initial phase for marketing the MedLock Secure Scan will be to target U.S. companies that have received funding from Medicaid and Medicare Electronic Health Records “Meaningful Use” Incentive Funds. We have obtained the list of the companies who have received these funds and the software they have purchased to meet the requirement for future funding. These companies have annual requirements for performing Risk Assessments as well as maintaining HIPPA compliance and by targeting these companies though our MSP channel partners and offering them the our cost effective solution, we believe we will have a high level of success in selling into this market.
We plan to utilize distributors to market LightOuts to retail stores. We plan to also direct sell and market LightsOut through infomercials and we will also plan to market our products as LightsOut direct to our end users online, giving access to anyone wanting to purchase our products from our website.
Manufacturing
We plan to use third party providers to source and manufacture our LightsOut product.
We plan to contract with a manufacturer for LightsOuts that will provide us with finished products, which we plan to hold in inventory for distribution, sale and use.
Competition
The market for cyber security services related to our core business is intensely competitive, and we expect competition to increase in the future. Changes in the threat landscape and the broader IT infrastructure have led to quickly evolving client requirements for protection from security threats and adversaries.
The markets for our products are extremely competitive and are characterized by rapid technological change. The principal competitive factors in our core business markets include the following:
|
·
|
product performance, features, effectiveness, interoperability and reliability;
|
|
·
|
our ability to add and integrate new networking and security features and technological expertise;
|
|
·
|
compliance with industry standards and certifications;
|
|
·
|
price of products and services and total cost of ownership;
|
|
·
|
brand recognition;
|
|
·
|
customer service and support;
|
|
·
|
sales and distribution capabilities;
|
|
·
|
size and financial stability of operations; and
|
|
·
|
breadth of product line.
|
Among others, our competitors include Check Point Software Technologies Ltd. (“Check Point”), Secureworks Corp. (“Secureworks”), Qualys, Inc. (“Qualys”), FireEye, Inc. (“FireEye”), NetScout Systems, Inc. (“NetScout”).
We believe we can compete favorably based on our products’ performance, reliability and breadth, our ability to add and integrate new networking and security features and our technological expertise. The vast majority of our competitors are significantly larger, have greater financial, technical, marketing, distribution, customer support and other resources, are more established than we are and have significantly better brand recognition. All of these larger competitors have substantially broader product offerings and leverage their relationships based on other products or incorporate functionality into existing products in a manner that may discourage users from purchasing our products. Based in part on these competitive pressures, we may have to lower prices or attempt to add incremental features and functionality.
Conditions in our markets could change rapidly and significantly as a result of technological advancements or continuing market consolidation. The development and market acceptance of alternative technologies could decrease the demand for our products or render them obsolete. Our competitors may introduce products that are less costly, provide superior performance, market their products better, or achieve greater market acceptance than us. In addition, our larger competitors often have broader product lines and are in a better position to withstand any significant reduction in capital spending by end-users in these markets, and will therefore not be as susceptible to downturns in a particular market. The above competitive pressures are likely to continue to impact our business. We may not be able to compete successfully in the future, and competition may harm our business.
Our Competitive Strengths
We aim to be a leader in providing cyber security solutions that protect organizations against advanced cyber-attacks. We believe that the following key competitive advantages will allow us to achieve that leadership position:
The main competitive advantage of our company is our team and their expertise. Each of the officers of our company possesses a high level of expertise in the core groups of security management. From this foundation they will develop and grow an entity capable of assisting their clients in navigating a truly complete solution without conflicting software or security processes. Their high levels of expertise also allow many of their products to be customized to meet their client’s specifics requirements.
The following table provides details as to our company’s strength for our products and services:
Product or
Service
|
Description
|
Competitive Strength
|
Penetration Testing
|
Our company’s core business provides penetration testing to healthcare institutions. Simply put our network engineers test the security of a client’s network by trying to “penetrate” its network.
|
The main competitive advantage for the penetration testing service is our engineers. As security navigators, penetration testing is a learned skill and with hundreds of tests performed, our engineers possess a very high level of expertise. In fact, in all of the tests conducted so far, they have yet to fail an authorized attempt to gain access to a client’s target asset prior to proper protocol’s being put in place.
|
Medlock
|
Medlock is a network scanner device. It is deployed after a penetration test in conjunction with our security center services when a client wants to hire our company to protect their network from the “bad guys”.
Medlock will reside inside the client’s network and perform preprogrammed network scans, then store and forward log files for future verification of designated events. Medlock can also detect wireless and other unauthorized network access.
|
The main competitive advantage Medlock is that it is a hardware solution combined with a managed service. We can secure a network inside and out because of the hardware being installed right inside a client’s system communicating constantly to our external security center.
|
LightsOut
|
LightsOut is a portable all in one hardware security device, which, includes motion sensors, smoke detectors, access control and it can run up to 45 days on battery power alone. LightsOut sends notifications via cell, email or text of location breach, outages, fire etc.
|
The main competitive advantages for LightsOut are that its portable has a tough rugged casing, and most importantly it uses long lasting batteries so it works without direct connection to power.
|
Compliance with Government Regulation
Government Regulation: Encrypted technologies that are exported
If we plan to export our information security solutions and technologies which incorporate encryption technology those solution may be exported outside the United States only if we obtain an export license or qualify for an export license exception. Compliance with applicable regulatory requirements regarding the export of our solutions and technologies may create delays in the introduction of our solutions and technologies in international markets, prevent our clients with international operations from utilizing our solutions and technologies throughout their global systems or prevent the export of our solutions and technologies to some countries altogether. In addition, various countries regulate the import of our appliance-based technologies and have enacted laws that could limit our ability to distribute, and our clients’ ability to implement, our technologies in those countries. Any new export or import restrictions, new legislation or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons or technologies targeted by such regulations, could result in decreased use of our solutions and technologies by existing clients with international operations, loss of sales to potential clients with international operations and decreased revenue. If we fail to comply with export and import regulations, we may be denied export privileges, be subjected to fines or other penalties or fail to obtain entry for our technologies into other countries.
Government Regulation: Internet
We are subject to federal, state and local laws and regulations applicable to businesses generally in the United States, where our business is incorporated in the state of Nevada. We are also subject to a number of foreign and domestic laws and regulations that affect companies conducting business on the Internet, many of which are still evolving and could be interpreted in ways that could harm our business. In the United States and abroad, laws relating to the liability of providers of online services for activities of their users and other third parties are currently being tested by a number of claims, including actions based on invasion of privacy and other torts, unfair competition, copyright and trademark infringement, and other theories based on the nature and content of the materials searched, the ads posted, or the content provided by users. Any court ruling or other governmental action that imposes liability on providers of online services for the activities of their users and other third parties could harm our business. In addition, rising concern about the use of data collection and GPS tracking technologies for illegal conduct, such as the unauthorized dissemination of national security information, money laundering or supporting terrorist activities may in the future produce legislation or other governmental action that could require changes to our products or services, restrict or impose additional costs upon the conduct of our business or cause users to abandon material aspects of our service.
In the area of information security and data protection, many states have passed laws requiring notification to users when there is a security breach for personal data, such as the 2002 amendment to California’s Information Practices Act, or requiring the adoption of minimum information security standards that are often vaguely defined and difficult to practically implement. The costs of compliance with these laws may increase in the future as a result of changes in interpretation. Furthermore, any failure on our part to comply with these laws may subject us to significant liabilities.
We are also subject to federal, state, and foreign laws regarding privacy and protection of member data. We intend to post on our website a privacy policy and user agreement, which will describe our practices concerning the use, transmission and disclosure of member data. Any failure by us to comply with our posted privacy policy or privacy related laws and regulations could result in proceedings against us by governmental authorities or others, which could harm our business. In addition, the interpretation of privacy and data protection laws, and their application to the Internet is unclear, evolving and in a state of flux. There is a risk that these laws may be interpreted and applied in conflicting ways from state to state, country to country, or region to region, and in a manner that is not consistent with our current data protection practices, or that new regulations will be enacted. Complying with these varying domestic and international requirements could cause us to incur additional costs and change our business practices. Further, any failure by us to adequately protect our members’ privacy and data could result in a loss of member confidence in our services and ultimately in a loss of members and customers, which could adversely affect our business.
In addition, because our services are accessible worldwide, certain foreign jurisdictions may claim that we are required to comply with their laws, including in jurisdictions where we have no local entity, employees, or infrastructure.
Research and Development
We focus our research and development efforts on developing new products, services and systems, and adding new features to existing products, services and systems. Our research and development strategy is to identify features, products and systems for both software and hardware that we believe are, or are expected to be, important to our end-users.
We have incurred $Nil in research and development expenditures over the last two fiscal years.
Intellectual Property
We do not currently have any intellectual property that has been approved or is pending for patents or trademarks.
We currently rely on trade secrets laws, confidentiality procedures and contractual provisions to protect our technology. We plan to use trademark, patent and copyright law in the future to further protect our intellectual property and technology when and where we believe we should protect them over and above existing trade secret law. We also plan to license software from third parties for inclusion in our products, including open source software and other software available on commercially reasonable terms.
Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products and services or obtain and use information that we regard as proprietary. We plan to generally enter into confidentiality agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information. However, we cannot provide assurance that the steps we take will prevent misappropriation of our technology. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.
Employees
We have no employees. Our officers and directors provide their services to our company as independent consultants.
Research and Development
We have incurred $Nil in research and development expenditures over the last two fiscal years.
Intellectual Property
We do not currently have any intellectual property.
WHERE YOU CAN FIND MORE INFORMATION
You are advised to read this Form 10-K in conjunction with other reports and documents that we file from time to time with the SEC. In particular, please read our Quarterly Reports on Form 10-Q and Current Reports on Form 8-K that we file from time to time. You may obtain copies of these reports directly from us or from the SEC at the SEC’s Public Reference Room at 100 F. Street, N.E. Washington, D.C. 20549, and you may obtain information about obtaining access to the Reference Room by calling the SEC at 1-800-SEC-0330. In addition, the SEC maintains information for electronic filers at its website http://www.sec.gov.