Quoin Pharmaceuticals, Ltd. 10-K Cybersecurity GRC - 2024-03-14

Page last updated on April 11, 2024

Quoin Pharmaceuticals, Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-14 16:42:23 EDT.

Filings

10-K filed on 2024-03-14

Quoin Pharmaceuticals, Ltd. filed an 10-K at 2024-03-14 16:42:23 EDT
Accession Number: 0001410578-24-000198

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C . Cybersecurity
Item 1C. Cybersecurity We depend on a variety of information systems and technologies (including cloud technologies) to manage our business. We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The underlying processes and controls of our cyber risk management program incorporate recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework ( CSF ). We have undertaken, to conduct an annual assessment of our cyber risk management program and controls to identify, quantify, and categorize material cyber risks. In addition, we have developed a risk mitigation plan to address such risks, and where necessary, remediate potential vulnerabilities identified through the annual assessment process. In addition, we maintain policies over areas such as information security, access on/offboarding, and access and account management, to help govern the processes put in place by management designed to protect our IT assets, data, and services from threats and vulnerabilities. Our cybersecurity risk management strategy and infrastructure includes maintenance of an IT assets inventory, periodic vulnerability scanning, identity access management controls including restricted access of privileged accounts, network integrity safeguarded by employing web-based software, industry-standard encryption protocols, critical data backups, infrastructure maintenance, incident response, cybersecurity strategy, and cyber risk advisory, assessment and remediation. Our management team is responsible for oversight and administration of our cyber risk management program, and for informing senior management and other relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our management team relies on threat intelligence as well as other information obtained from governmental, public, or private sources, including external consultants who may be engaged by us for strategic cyber risk management, advisory and decision making. To the extent we utilize third-party vendors to provide information technology services for various areas, including human resources functions (e.g., payroll), we generally require these vendors to monitor and protect their information technology systems against cyber-attacks and other breaches. The Audit Committee of the Board of Directors oversees our cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. Member(s) of management brief the Audit Committee on cyber vulnerabilities identified through the risk management process, the effectiveness of our cyber risk management program, and the emerging threat landscape and new cyber risks on at least an annual basis. This includes updates on our processes to prevent, detect, and mitigate cybersecurity incidents. 41 Table of Contents We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of our business. To date, we have not had a cybersecurity incident. We proactively seek to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to service delivery however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. See Item 1A. Risk Factors for more information on cybersecurity risks.

Company Information