QSAM Biosciences, Inc. 10-K Cybersecurity GRC - 2024-03-20

Page last updated on April 11, 2024

QSAM Biosciences, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-20 16:51:34 EDT.

Filings

10-K filed on 2024-03-20

QSAM Biosciences, Inc. filed an 10-K at 2024-03-20 16:51:34 EDT
Accession Number: 0001493152-24-010683

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy The Company does not have its own cybersecurity policy but relies on the policies and procedures of its Contract Research Organizations (CROs) and Software as a Service (SaaS) contractors that handle its data and software. We are committed to protecting the confidentiality, integrity, and availability of our information assets and complying with applicable laws and regulations regarding cybersecurity. Cybersecurity Risks and Incidents The Company faces various cybersecurity risks and threats that could potentially affect its operations, reputation, financial condition, and competitive position. These risks and threats include, but are not limited to, unauthorized access, use, disclosure, modification, or destruction of our data, systems, or networks denial of service attacks malware infections phishing or social engineering attacks ransomware attacks loss or theft of devices or media containing our data human error or negligence natural disasters power outages or sabotage. Our data and systems may also be subject to cybersecurity breaches or incidents at its CROs, vendors, partners, or other third parties that we interact with or rely on. 33 We have not experienced any material cybersecurity breaches or incidents to date, but we cannot guarantee that we will not suffer any such breaches or incidents in the future. We may not be able to detect, prevent, or respond to all cybersecurity risks and threats in a timely or effective manner. We may also incur significant costs and liabilities as a result of any cybersecurity breaches or incidents, such as legal claims, regulatory fines, remediation expenses, reputational damage, loss of business opportunities, or competitive disadvantage. We may also face litigation, investigations, or enforcement actions by governmental authorities, customers, shareholders, or other parties arising from any cybersecurity breaches or incidents. Cybersecurity Policies and Procedures The Company does not have its own cybersecurity policy, but it contracts with CROs that handle all of its data and software. Our CRO s data systems are 21 CFR 11 (Part 11) compliant, which means that they have implemented controls to ensure the reliability and integrity of electronic records and signatures. Our CRO also runs industry standard antivirus and antimalware software on their networks and have written procedures for cybersecurity management, incident response, backup and recovery, and employee training. We have reviewed the cybersecurity policies and procedures of our CRO and require them to report any cybersecurity breaches or incidents that may affect our data or systems. All of the software that we use is Commercial Off the Shelf Software (COTS) and Microsoft, Dropbox, and Google cloud services. We do not develop, modify, or customize any software for our own use. We rely on the cybersecurity measures and practices of our software and cloud service providers and update our software and systems regularly to address any known vulnerabilities or issues. We also limit the access and use of our software and cloud services to authorized personnel and encourage them to use strong passwords and multifactor authentication. We do not store any sensitive or confidential data on our own devices or media, but use password-protected cloud storage. Cybersecurity Oversight and Governance The Company s management is responsible for overseeing and managing our cybersecurity risks and activities as part of its overall risk assessment portfolio. Our management regularly evaluates and reviews the Company s cybersecurity posture and performance and reports to the board of directors on any material cybersecurity matters or developments. Our management also coordinates with our CROs, vendors, partners, and other third parties to ensure that they comply with our cybersecurity expectations and requirements and to address any cybersecurity issues or concerns that may arise. The Company s board of directors is responsible for overseeing and approving our cybersecurity strategy and policies. Our board of directors receives updates from management on the Company s cybersecurity status and initiatives and provides guidance and feedback on the cybersecurity goals and objectives. Our board of directors also monitors the Company s cybersecurity risks and exposures and ensures that the company has adequate cybersecurity resources and capabilities to protect its data and systems.

Company Information