Ocuphire Pharma, Inc. 10-K Cybersecurity GRC - 2024-03-08

Page last updated on April 11, 2024

Ocuphire Pharma, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-08 17:20:34 EST.

Filings

10-K filed on 2024-03-08

Ocuphire Pharma, Inc. filed an 10-K at 2024-03-08 17:20:34 EST
Accession Number: 0001140361-24-012399

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy The Company has adopted a cybersecurity risk management program that includes processes designed to identify, assess, manage, and monitor risks from cybersecurity threats. We have integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity awareness and risk management. Those processes include conducting an assessment of internal and external threats to the security, confidentiality, integrity and availability of Company data and systems along with other material risks to Company operations, at least annually and whenever there are material changes to the Company s systems or operations, and responding to risks identified. The Company s cybersecurity and risk management program is based on National Institute of Standards and Technology (NIST) frameworks. As part of our risk management process, the Company also engages outside providers to conduct periodic security assessments. As part of our third-party risk management program, we conduct assessments of vendor cybersecurity risks, including risks associated with our cloud vendors and other third parties. Cybersecurity Threats As of the date of this report, we have not identified any risks from a cybersecurity threat or incident that we believe has or is reasonably likely to have a material effect on our business strategy, results of operations, or financial condition. Despite our continuing efforts, we cannot guarantee that our cybersecurity safeguards will prevent breaches or breakdowns of our or our third-party service providers information technology systems, particularly in the face of continually evolving cybersecurity threats and increasingly sophisticated threat actors. For more information, see Item 1A Risk Factors, Our business and operations would suffer in the event of system failures or unplanned events, including cyber incidents, network security breaches, service interruptions, or data corruption . 83 Table of Contents Ocuphire Pharma, Inc. Form 10-K Governance The cybersecurity risk management program, including the prevention, detection, mitigation, and remediation of cybersecurity incidents, is led by the Company s Finance organization, including the Senior Vice President of Finance and the Senior Director of Finance. Both of these individuals have experience in overseeing our cybersecurity and information technology programs and have held similar oversight functions in prior roles. We rely heavily on information technology consultants for advice and expertise on monitoring evolving industry standards and to monitor our compliance with applicable policies. The Senior Vice President of Finance reports on cybersecurity matters to the Company s Audit Committee at least annually, as well as any time there are material changes to the Company s systems or operations and material updates are shared at each regular meeting of the full Board. The Senior Vice President of Finance also reports to the Company s Chief Executive Officer and other members of our senior management as appropriate. These reports may feature an overall assessment of the Company s compliance with the Company s cybersecurity policies and include topics such as risk assessment, risk management and control decisions, service provider arrangements, test results, security incidents and responses, and recommendations for changes and updates to policies and procedures. In addition, the results of any external reviews on our cybersecurity program are reported to senior management and the Audit Committee.

Company Information