NeuroBo Pharmaceuticals, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

NeuroBo Pharmaceuticals, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:06:06 EDT.

Filings

10-K filed on 2024-03-28

NeuroBo Pharmaceuticals, Inc. filed an 10-K at 2024-03-28 16:06:06 EDT
Accession Number: 0001558370-24-004246

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management We recognize the importance of assessing, identifying, and managing risks associated with cybersecurity threats. These risks include, among other things, operational risks intellectual property theft fraud extortion harm to employees, violation of privacy or security laws and other litigation and legal risk and reputational risks. We are committed to maintaining robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. While we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards. We work with a third-party provider to monitor for threats and potential cybersecurity breaches. We have processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things: ongoing security awareness training for employees mechanisms to detect and monitor unusual network activity and containment and incident response tools. We monitor issues that are internally discovered or reported by our third-party monitoring service that may affect our information services, and have processes to assess those issues for potential cybersecurity impact or risk. We impose security requirements upon our suppliers and CROs, including maintaining an effective security management program abiding by information handling and asset management requirements and notifying us in the event of any known or suspected cyber incident. Governance Our Board has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to company priorities, resource allocations, and oversight structures. The Board is assisted by the audit committee, which reviews our cybersecurity program with management and reports to the Board. The audit committee is central to the Board oversight of cybersecurity risks and bears the primary responsibility for this domain. The audit committee is composed of board members with diverse expertise including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. Our chief executive officer, chief financial officer and corporate controller have operational experience in assessing and managing cybersecurity risk. Our chief executive officer plays a pivotal role in informing the audit committee on cybersecurity risks. They provide comprehensive briefings to the audit committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including: Current cybersecurity landscape and emerging threats Status of ongoing cybersecurity initiatives and strategies Incident reports and learnings from any cybersecurity events and Compliance with regulatory requirements and industry standards. In addition to our scheduled meetings, the audit committee and chief executive officer maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the board s oversight is proactive and responsive. The audit committee actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into the broader strategic objectives of NeuroBo. 60 Table of Contents Our chief financial officer is informed by our third-party monitoring service of any cybersecurity incidents, who will then escalate the incident to our chief executive officer, if necessary. Furthermore, significant cybersecurity matters and strategic risk management decisions are escalated to the Board, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues.

Company Information