CUMBERLAND PHARMACEUTICALS INC 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

CUMBERLAND PHARMACEUTICALS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 21:14:11 EDT.

Filings

10-K filed on 2024-03-12

CUMBERLAND PHARMACEUTICALS INC filed an 10-K at 2024-03-12 21:14:11 EDT
Accession Number: 0001628280-24-010725

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy. We rely on information technology and data to operate our business and develop, market, and deliver our products to our customers. We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our communication systems, and our critical data which includes confidential, personal, proprietary, and other sensitive information (collectively Information Assets ). Accordingly, we maintain certain risk assessment processes intended to identify cybersecurity threats, determine their likelihood of occurring, and assess potential material impact to our business. Based on our assessment, we implement and maintain risk management processes designed to protect the confidentiality, integrity, and availability of our Information Assets and mitigate harm to our business. Our company s general risk management program is designed to manage potential material risks, which includes material cybersecurity risks to our Information Assets. We engage in processes designed to identify such threats by, among other things, monitoring the threat environment using manual and automated tools, subscribing to services that identify cybersecurity threats, analyzing reports of threats and actors, conducting scans of the threat environment, evaluating threats reported to us, coordinating with law enforcement concerning threats, and conducting threats and vulnerability assessments. We rely on a multidisciplinary team to assess cybersecurity threats and a potential impact to our business. These assessments leverage industry tools and metrics designed to assist in the assessment of risks from such cybersecurity threats. We also implement and maintain various technical, physical and organizational measures designed to manage and mitigate material risks from cybersecurity threats to our Information Assets. The cybersecurity risk management and mitigation measures we implement include policies and procedures designed to address cybersecurity threats, including an incident response plan and a disaster recovery/business continuity plan. To address the company s cybersecurity risk, we utilize incident detection and response tools, internal and third-party assessments of our exposure to cybersecurity threats and compliance with risk mitigation procedures, and testing of our relevant controls including data segregation, insurance and assignment of cybersecurity responsibilities. We also work with third parties from time to time to assist us in identification, assessment and management of cybersecurity risks. For additional informant and a description of the risks from cybersecurity threats that may materially affect us and how they may do so, refer to Part I, Item 1A. Risk Factors. 56 Governance. Our cybersecurity risk assessment and management processes are implemented and maintained by certain company employees. Management is responsible for hiring appropriate personnel, integrating cybersecurity considerations into our company s overall risk management strategy, and for communicating key priorities to employees, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports. Our cybersecurity incident response and vulnerability assessments processes involve management, who participates in our disclosure controls and procedures. Our cybersecurity processes are designed to escalate certain incidents and vulnerabilities to members of management depending on the circumstances, including cooperation with our company s incident response team to help mitigate and remediate cybersecurity incidents. In addition, these processes include reporting to the board of directors for certain cybersecurity incidents. Management including information technology, legal and accounting executives are involved with our company s efforts to prevent, detect, and mitigate cybersecurity incidents by overseeing preparation of cybersecurity policies and procedures, testing of incident response plans, and engaging vendors with appropriate expertise. They participates in cybersecurity incident response efforts and directs the company s response to cybersecurity incidents. Our Board of Directors addresses the company s cybersecurity risk management as part of its general oversight function. The Board of Directors has access to various reports, summaries or presentations related to cybersecurity threats, risk, and mitigation.

Company Information