SEELOS THERAPEUTICS, INC. 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

SEELOS THERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 16:50:40 EST.

Filings

10-K filed on 2024-03-06

SEELOS THERAPEUTICS, INC. filed an 10-K at 2024-03-06 16:50:40 EST
Accession Number: 0001410578-24-000140

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY In the normal course of business, we collect and store personal information and other sensitive information, including proprietary and confidential business information, intellectual property, information regarding patients and clinical trial participants, sensitive third - party information and employee information. Our cybersecurity risk management strategy focuses on several areas: Identification and Reporting: We have implemented a cross - functional approach to assessing, identifying and managing material cybersecurity threats and incidents. Our program includes controls and procedures to properly identify, classify and escalate certain cybersecurity incidents to provide management visibility and obtain direction from management as to the public disclosure and reporting of material incidents in a timely manner. We conduct periodic assessments and testing of our policies, standards, processes, and practices in a manner intended to address cybersecurity threats and events. Technical Safeguards: We implement technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti - malware functionality, and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence, as well as outside audits and certifications. We use managed detection and response services to monitor our network infrastructure and associated endpoints for possible cybersecurity threats. In addition, we use multi - factor authentication, perform regular penetration testing and engage third parties to assess the effectiveness of our cybersecurity practices. Incident Response and Recovery Planning: We have established and maintain incident response, business continuity, and disaster recovery plans designed to address our response to a cybersecurity incident. We conduct regular tabletop exercises to test these plans and ensure personnel are familiar with their roles in a response scenario. Third - Party Risk Management: We maintain a risk - based approach to identifying and overseeing material cybersecurity threats presented by third parties, including vendors, service providers, and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a material cybersecurity incident affecting those third - party systems, including any outside auditors or consultants who advise on our cybersecurity systems. Education and Awareness: We provide regular, mandatory training for all levels of employees regarding cybersecurity threats as a means to equip our employees with effective tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes, and practices. 62 Table of Contents Our Board of Directors (the Board ) is responsible for overseeing our risk management program and cybersecurity is a critical element of this program. The Audit Committee of our Board oversees management of risk, including cybersecurity and the management of cybersecurity threats. This committee meets regularly with the Company s management and reports to the full Board. Management is responsible for the day - to - day administration of our risk management program and our cybersecurity policies, processes, and practices. Our cybersecurity policies, standards, processes, and practices are integrated into our overall risk management system and processes. In general, we seek to address material cybersecurity threats through a company - wide approach that addresses the confidentiality, integrity, and availability of our information systems or the information that we collect and store, by assessing, identifying and managing cybersecurity issues as they occur. The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity risk that meets pre - established reporting thresholds, as well as ongoing updates regarding any such risk. Our CEO and CFO each have over 25 years of experience managing risk at the Company and at similar companies. Material Affects of Cybersecurity Incidents Other than as disclosed in Part I, Item 1A Risk Factors above, including, without limitation, the risk factor under the heading We rely significantly on information technology and any failure, inadequacy, interruption or security lapse of that technology, including any cybersecurity incidents, could harm our ability to operate our business effectively , risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition.

Company Information