First Wave BioPharma, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

First Wave BioPharma, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 16:16:33 EDT.

Filings

10-K filed on 2024-03-29

First Wave BioPharma, Inc. filed an 10-K at 2024-03-29 16:16:33 EDT
Accession Number: 0001410578-24-000364

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy First Wave BioPharma has established a comprehensive cybersecurity risk management program aimed at safeguarding the confidentiality, integrity, and availability of our essential systems and information. Central to our cybersecurity efforts is a robust incident response plan designed to address potential cyber incidents swiftly and effectively. In designing and evaluating our cybersecurity initiatives, we have adopted the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF 2.0) as a guiding principle. It’s important to clarify that our use of the NIST CSF 2.0 is for guidance purposes to frame our risk identification, assessment, and management processes and does not equate to compliance with any specific technical standards or requirements. Our cybersecurity framework is integrated into First Wave BioPharma’s broader enterprise risk management strategy, sharing methodologies, reporting mechanisms, and governance structures with other risk domains including legal, compliance, strategic, operational, and financial risks. Key components of our cybersecurity risk management program include: Conducting risk assessments to pinpoint material cybersecurity threats to our critical systems, data, products, services, and overall IT infrastructure A dedicated security consultant overseeing the risk assessment process, maintenance of security controls, and coordination of responses to cybersecurity incidents -63- Table of Contents Engagement with external service providers to evaluate, enhance, or support our security measures Comprehensive cybersecurity training programs for employees, incident responders, and senior management to foster a culture of security awareness An incident response plan outlining specific procedures for managing cybersecurity incidents and A thorough third-party risk management process to evaluate and manage risks associated with service providers, suppliers, and vendors. To date, we have not identified any cybersecurity threats or past incidents that have had, or are likely to have, a material impact on our Company’s operations, business strategy, financial performance, or results of operations. Our external security expert has over thirty years of experience with cybersecurity, information technology development and deployment and information technology risk assessment and management, including information security management. Cybersecurity Governance The governance of cybersecurity risks is a critical function of our Board of Directors, with the Audit Committee playing a key role in the oversight of cybersecurity and related technology risks. The Audit Committee is tasked with monitoring the effectiveness of our cybersecurity risk management program as implemented by management. The Audit Committee will receive regular updates from management on the state of cybersecurity risks facing the company. This will include briefings on any significant cyber incidents and ongoing risk management efforts. These updates will enable the Audit Committee to provide informed reports on cybersecurity matters to the full Board. Our Audit Committee is actively involved in our cybersecurity oversight and under our new Cybersecurity Policy adopted on March 11, 2024, will receive detailed briefings from our external cybersecurity expert. The responsibility for day-to-day management of cybersecurity risks lies with our management team, including the Chief Financial Officer. This team is at the forefront of our cybersecurity initiatives, coordinating both internal and external resources to anticipate, identify, and mitigate cyber threats. Our approach includes regular updates from our external security expert, leveraging intelligence from various sources, and utilizing advanced security tools to protect our digital environment.

Company Information