TFF Pharmaceuticals, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

TFF Pharmaceuticals, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:01:52 EDT.

Filings

10-K filed on 2024-03-28

TFF Pharmaceuticals, Inc. filed an 10-K at 2024-03-28 16:01:52 EDT
Accession Number: 0001213900-24-027185

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy . We employ processes for assessing, identifying, and managing material risks from cybersecurity threats that are incorporated into our overall risk management system. These items are designed to help protect our information assets from internal and external threats and protect the integrity and confidentiality of our data. Our system includes procedural and technical safeguards, response plans, and reviews of our policies. We engage various external entities, including consultants, to improve and enhance our cybersecurity oversight. We provide all employees and consultants with cybersecurity and prevention training including timely and relevant topics covering social engineering, phishing, mobile security, and data protection and the need for reporting incidents and suspicious events immediately. With respect to third parties that assist in our cybersecurity oversight, we obtain reports to assess the security of their systems and processes. We engage in ongoing monitoring of all third-party providers to ensure compliance with our cybersecurity standards. Although we develop and maintain systems and controls designed to prevent cybersecurity threats from occurring, and we have a process to identify and mitigate threats, the development and maintenance of these systems, controls and processes is costly and requires ongoing monitoring and updating as technologies change and efforts to overcome security measures become increasingly sophisticated. Moreover, despite our efforts, the possibility of these events occurring cannot be eliminated entirely. As we outsource more of our information systems to vendors, engage in more electronic transactions with service providers and patients, and rely more on cloud-based information systems, the related security risks will increase and we will need to expend additional resources to protect our technology and information systems. In addition, there can be no assurance that our internal information technology systems or those of our third-party contractors, or our consultants efforts to implement adequate security and control measures, will be sufficient to protect us against breakdowns, service disruption, data deterioration or loss in the event of a system malfunction, or prevent data from being stolen or corrupted in the event of a cyberattack, security breach, industrial espionage attacks or insider threat attacks which could result in financial, legal, business or reputational harm. As of the date of this report, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Governance . Our senior management team conducts the regular assessment and management of material risks from cybersecurity threats, including review with our IT team and third-party service providers. All employees and consultants are directed to report to our senior management any irregular or suspicious activity that could indicate a cybersecurity threat or incident. The Audit Committee of our Board of Directors evaluates our cybersecurity assessment and management policies, including quarterly interviews with our senior officers and independent registered accounting firm.

Company Information