Aquestive Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-05

Page last updated on July 16, 2024

Aquestive Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 17:12:49 EST.


10-K filed on 2024-03-05

Aquestive Therapeutics, Inc. filed a 10-K at 2024-03-05 17:12:49 EST
Accession Number: 0001628280-24-009010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Aquestive’s cybersecurity program is built on three key pillars: Governance, Process, Compliance and Audit. While we face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, and results of operations, Aquestive’s cybersecurity program is built upon a set of policies, procedures, and standards supported by training and awareness. The cybersecurity team has significant experience in managing cybersecurity programs and has engaged with a MSSP to deploy state of the art cybersecurity technologies and gather threat intelligence and cyber risk trends. The cybersecurity program is executed with the MSSP which provides active threat monitoring, risk assessment and incident response capabilities to timely assess and address any material cyber risk that could impact our business operations. The Senior Vice President of Information Technology (“IT Officer”), along with the broader Information Technology function, is responsible for assessing and managing Aquestive’s cybersecurity risk and informing senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. Governance Role of Management/Board The IT Officer reports to the Chief Executive Officer and leads our cybersecurity program. Our IT Officer has over ten years of experience in information security strategy and the management of cybersecurity risk. The internal Aquestive IT team has over fifteen years of technical experience, program management and architecture experience in managing cyber risk and information security. In addition, the Audit Committee of the Board oversees Aquestive’s cybersecurity risk exposures. The IT Officer briefs the Audit Committee on the effectiveness of Aquestive’s cybersecurity program quarterly with a more in depth review done annually. In addition, cybersecurity risks are also reviewed as part of our overall Enterprise Risk Management program. We have not encountered any cybersecurity threats or incidents that have had a material impact on our business.

Company Information

NameAquestive Therapeutics, Inc.
SIC DescriptionPharmaceutical Preparations
TickerAQST - Nasdaq
Emerging growth company
Fiscal Year EndDecember 30