Dare Bioscience, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Dare Bioscience, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:01:59 EDT.

Filings

10-K filed on 2024-03-28

Dare Bioscience, Inc. filed an 10-K at 2024-03-28 16:01:59 EDT
Accession Number: 0001401914-24-000016

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy As is the case for other companies in our industry, we may be the target of cyberattacks and other cyber incidents and, therefore, cybersecurity is an important element of our overall enterprise risk management, or ERM, program. Our management performs a semi-annual assessment of enterprise-wide risks to help assess, identify, and manage existing and emerging risks for our company, including cybersecurity risks. Through our ERM program we assess the characteristics and circumstances of the evolving business environment at the time and seek to identify the potential impacts to our company of a particular risk. Primary responsibility for assessing, identifying, and managing our cybersecurity risks rests with our management. To assist our management with such responsibility, we engage and consult with an external third party information technology consultant who reports to our Chief Accounting Officer. We also perform an annual cybersecurity assessment designed to help improve the systems and processes we have implemented designed to safeguard our information assets and operational integrity from cyber threats, protect employee information from unauthorized access or attack, as well as secure our networks and systems. Network and information systems and other technologies, including those related to our network management, are important to our business activities. As a result, we have multiple layers of security designed to detect and deter cybersecurity incidents. As part of our overall ERM program, we monitor and test our safeguards and train our employees on these safeguards, in certain instances with the assistance of our external third party information technology consultant. Personnel at all levels and 105 departments are made aware of our cybersecurity policies through trainings. We also maintain an incident response plan designed to respond to, mitigate and remediate cybersecurity incidents according to a defined set of severity ratings based on the potential impact to our business, information technology systems, network or data, including data held or information technology services provided by third-party vendors or other service providers. As of the date of filing this report, we do not believe there are any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, Risk Factors, in this annual report on Form 10-K. Governance Our board of directors administers its cybersecurity risk oversight function through its audit committee. The audit committee is responsible for overseeing our policies, practices and assessments with respect to cybersecurity, and provides periodic updates to our board of directors. The audit committee receives periodic updates from management and our external third party information technology consultant regarding the effectiveness of the systems and processes we have implemented designed to safeguard our information assets and operational integrity from cyber threats, protect employee information from unauthorized access or attack, as well as secure our networks and systems, and regarding other cybersecurity matters, including the results from cybersecurity systems testing and any recent cybersecurity incidents and related responses. Our audit committee is also notified between such updates as soon as practicable regarding significant new cybersecurity threats or incidents. The audit committee also receives a report on cybersecurity matters and related risk exposures at least semi-annually from our Chief Accounting Officer. Many of our board members have achieved the National Association of Corporate Directors Carnegie Mellon University CERT Certification in Cybersecurity Oversight.

Company Information