BullFrog AI Holdings, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

BullFrog AI Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 15:44:27 EDT.

Filings

10-K filed on 2024-03-29

BullFrog AI Holdings, Inc. filed an 10-K at 2024-03-29 15:44:27 EDT
Accession Number: 0001493152-24-011964

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. 21 We conduct periodic risk assessments to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we re-design, implement, and maintain reasonable safeguards to minimize identified risks reasonably address any identified gaps in existing safeguards and regularly monitor the effectiveness of our safeguards. Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our Chief Information Officer who reports to our Chief Commercial Officer, to manage the risk assessment and mitigation process. We engage consultants, or other third parties in connection with our risk assessment processes. These service providers assist us to design and implement our cybersecurity policies and procedures, as well as to monitor and test our safeguards. We require each third-party service provider to certify that it has the ability to implement and maintain appropriate security measures, consistent with all applicable laws, to implement and maintain reasonable security measures in connection with their work with us, and to promptly report any suspected breach of its security measures that may affect our company. We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing. Governance Our board of directors addresses the Company s cybersecurity risk management as part of its general oversight function. The board of directors audit committee is responsible for overseeing Company s cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including the information technology team at the direction of our Chief Information Officer. Our executive team including our Chief Executive Officer, and Chief Financial Officer are responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company s overall risk management strategy, and communicating key priorities to relevant personnel. This executive team is responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports. Our cybersecurity incident response and vulnerability management policies are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Chief Executive Officer, and Chief Financial Officer. In addition, the Company s incident response and vulnerability management policies include reporting to the audit committee of the board of directors for certain cybersecurity incidents including significant breaches to the Company s networks or systems. The audit committee receives regular reports from the information technology team concerning the Company s significant cybersecurity threats and risk and the processes the Company has implemented to address them. The audit committee also has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.

Company Information