GRI BIO, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

GRI BIO, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:08:07 EDT.

Filings

10-K filed on 2024-03-28

GRI BIO, Inc. filed an 10-K at 2024-03-28 16:08:07 EDT
Accession Number: 0001824293-24-000033

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Cybersecurity We recognize the critical importance of maintaining the trust and confidence of patients, business partners and employees toward our business and are committed to protecting the confidentiality, integrity and availability of our business operations and systems. Our board of directors is actively involved in oversight of our risk management activities, and cybersecurity represents an important element of our overall approach to risk management. In general, we seek to address cybersecurity risks through a comprehensive approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Cybersecurity Risk Management and Strategy Effect of Risk We face risks related to cybersecurity such as unauthorized access, cybersecurity attacks and other security incidents, including as perpetrated by hackers and unintentional damage or disruption to hardware and software systems, loss of data, and misappropriation of confidential information. To identify and assess material risks from cybersecurity threats, we maintain a cybersecurity program to ensure our systems are effective and prepared for information security risks, including regular oversight of our programs for security monitoring for internal and external threats to ensure the confidentiality and integrity of our information assets. We consider risks from cybersecurity threats alongside other company risks as part of our overall risk assessment process. As discussed in more detail under Cybersecurity Governance below, our board of directors provides oversight of our cybersecurity risk management and strategy processes, which are led by our Chief Financial Officer. To provide for the availability of critical data and systems, maintain regulatory compliance, manage our material risks from cybersecurity threats, and protect against and respond to cybersecurity incidents, we undertake the following activities: monitor emerging data protection laws and implement changes to our processes that are designed to comply with such laws 67 Table of Contents through our policies, practices and contracts (as applicable), require employees, as well as third parties that provide services on our behalf, to treat confidential information and data with care employ technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls and provide training for our employees regarding cybersecurity threats as a means to equip them with effective tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices. Our incident response plan coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess severity for, escalate, contain, investigate and remediate the incident, as well as to comply with potentially applicable legal obligations and mitigate damage to our business and reputation. Our processes also address cybersecurity threat risks associated with our use of third-party service providers who have access to employee data or our systems. In addition, cybersecurity considerations affect the selection and oversight of our third-party service providers. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, in Item 1A under the heading We may be unable to adequately protect our information systems from cyberattacks, which could result in the disclosure of confidential or proprietary information, including personal data, damage our reputation, and subject us to significant financial and legal exposure, which disclosures are incorporated by reference herein. In the last three fiscal years, we have not experienced any material cybersecurity incidents and the expenses we have incurred from cybersecurity incidents were immaterial. This includes penalties and settlements, of which there were none. Cybersecurity Governance Management Cybersecurity is an important part of our risk management processes and an area of focus for our board of directors and management. Our board of directors is responsible for the oversight of risks from cybersecurity threats. Upon detection of a cybersecurity threat, our board of directors receives an update from management of our cybersecurity threat risk management and strategy processes, as well as the steps management has taken to respond to such risks. Our board of directors also receive prompt and timely information regarding any cybersecurity incident that meets establishing reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed Our cybersecurity risk management and strategy processes, which are discussed in greater detail above, is managed by our Chief Financial Officer and supported by consultants with experience in managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs as needed. As discussed above, the Chief Financial Officer reports to our board of directors about material cybersecurity threat risks.

Company Information