DiaMedica Therapeutics Inc. 10-K Cybersecurity GRC - 2024-03-19

Page last updated on April 11, 2024

DiaMedica Therapeutics Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-19 16:17:19 EDT.

Filings

10-K filed on 2024-03-19

DiaMedica Therapeutics Inc. filed an 10-K at 2024-03-19 16:17:19 EDT
Accession Number: 0001437749-24-008522

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity, data privacy, and data protection are critical to our business. In the ordinary course of our business, we collect and store certain confidential information such as information about our employees, contractors, vendors, suppliers, and clinical data. We continue to augment the capabilities of our people, processes, and technologies in order to address our cybersecurity risks. Our cybersecurity risks, and the controls designed to mitigate those risks, are integrated into our overall risk management governance and are reviewed yearly by our Board of Directors. Risk Management and Strategy As of December 31, 2023, we have implemented cybersecurity and data protection policies and procedures for assessing, identifying, and managing cybersecurity threats. We take a risk-based approach to cybersecurity, which begins with the identification and evaluation of cybersecurity risks or threats that could affect our operations, finances, legal or regulatory compliance, or reputation. The scope of our evaluation encompasses risks that may be associated with both our internally managed IT systems and key business functions and sensitive data operated or managed by third-party service providers, thereby safeguarding our integrated operations. Risks from cybersecurity threats are regularly evaluated as a part of our broader risk management activities and as a fundamental component of our internal control systems. Our employees receive ongoing cybersecurity awareness trainings, including specific topics related to social engineering and email frauds. We use information technology consultants with significant expertise in cybersecurity related to our industry. We utilize advanced technologies for continuous cybersecurity monitoring across our information technology environment which are designed to prevent, detect, and minimize cybersecurity attacks, as well as alert management of such attacks. 63 Our IT general controls are firmly established based on recognized industry standards and cover areas such as risk management, data backup, and disaster recovery. We have utilized an outsourced IT services vendor to reduce and monitor security threats and vulnerabilities and respond to all cybersecurity incidents affecting us, including prompt escalation and communication of major security incidents to senior business leadership and our Board of Directors. Governance Our Board of Directors is responsible for overseeing our cyber security risk management and strategy, including overseeing management s responsibility to assess, manage and mitigate risks associated with our business and operational activities, to administer our various compliance programs, in each case including cybersecurity concerns, and to oversee our IT systems, processes and data. Our senior leadership, including our Chief Executive Officer and Chief Financial Officer, regularly meet with and provides periodic briefings to our Board of Directors regarding our cybersecurity risks and activities, including any recent cybersecurity incidents, if any, and related responses, cybersecurity systems testing, and activities of third parties. Management has implemented risk management policies and procedures, and management is responsible for the day-to-day cybersecurity risk management. Our Chief Financial Officer is responsible for the day-to-day assessment and management of our cybersecurity risks. Cybersecurity Threat Disclosure To date, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect our Company s business strategy, results of operations or financial condition. For further discussion of cybersecurity risks, please see Item 1A, “Risk Factors”.

Company Information