ROCKWELL MEDICAL, INC. 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

ROCKWELL MEDICAL, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 17:02:50 EDT.

Filings

10-K filed on 2024-03-21

ROCKWELL MEDICAL, INC. filed a 10-K at 2024-03-21 17:02:50 EDT
Accession Number: 0001628280-24-012572


Item 1C. Cybersecurity.

We believe we maintain an information technology and security program appropriate for a company our size, taking into account our operations and risks. The Company recognizes the critical importance of maintaining the trust and confidence of our investors, employees, customers and vendors. The Company’s cybersecurity policies and processes are integrated into the Company’s enterprise risk management program and are informed by recognized frameworks established by the National Institute of Standards and Technology, and other applicable industry standards.

In the ordinary course of our business, we collect, use, store, and transmit digitally confidential, sensitive, proprietary, and personal information. The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by an outside information technology vendor in cooperation with our information technology consultant, under the supervision of our Chief Corporate Affairs Officer, and include mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable and secure information technology environment. For example, we conduct ongoing monitoring of critical systems for any compromised or potentially compromised accounts. We conduct regular trainings on cyber and information security, along with phishing simulations, among other topics. We conduct security audits and ongoing risk assessments, including due diligence on our key technology vendors, and other contractors and suppliers. In addition, we consult with our outside information technology vendor and our information technology consultant on a regular basis to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk environment.

Our Chief Corporate Affairs Officer, who reports directly to the Chief Executive Officer, and our IT Consultant, who has three decades of experience managing and leading cybersecurity oversight, together with our other executive officers, are responsible for assessing and managing cybersecurity risks. The Company’s executive officers each hold undergraduate and graduate degrees in their respective fields and have extensive experience managing risks at the Company and at similar companies, including risks arising from cybersecurity threats.

In the last fiscal year, we have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. If we were to experience a material cybersecurity incident in the future, such incidents are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For more information regarding cybersecurity risks that we face and potential impacts on our business related thereto, see the risk factor titled, “Our business and operations would suffer in the event of a security breach, system failure, invasion, corruption, destruction or interruption of our or our business partners’ critical information technology systems or infrastructure.”

The Company’s Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is composed solely of independent directors, has been designated by our Board to oversee cybersecurity risks. The Audit Committee and the Board receive updates on cybersecurity and information technology matters and related risk exposures from our Chief Corporate Affairs Officer, as well as our other executive officers. The Board also receives updates from the Company’s management on cybersecurity risks on at least an annual basis.


Company Information

Name: ROCKWELL MEDICAL, INC.
CIK: 0001041024
SIC Description: Pharmaceutical Preparations
Ticker: RMTI - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: December 30