GENELUX Corp 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

GENELUX Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 15:01:07 EDT.

Filings

10-K filed on 2024-03-29

GENELUX Corp filed an 10-K at 2024-03-29 15:01:07 EDT
Accession Number: 0001493152-24-011946

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and clinical trial data ( Information Systems and Data ). The Company engages two external cybersecurity and information technology consultants to work with the Company, including the general counsel, to help identify, assess and manage the Company s cybersecurity threats and risks. This group works to identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods, including, for example: manual and automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and actors, conducting scans of the threat environment, and conducting third-party threat assessments. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: a vulnerability management policy, disaster recovery and business continuity plans, network security controls and data segregation (for certain systems), employee training, and cybersecurity insurance. Our assessment and management of material risks from cybersecurity threats are integrated into the Company s overall risk management processes. Cybersecurity risk is addressed as a component of the Company s enterprise risk management program and identified in the Company s risk register and senior management prioritizes our risk management processes and reports to the audit committee of the board of directors, which evaluates our overall enterprise risk. We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including, for example cybersecurity consultants and professional services firms (including legal counsel). We use third-party service providers to perform a variety of functions throughout our business, such as application providers, hosting companies, contract research organizations, contract manufacturing organizations, and distributors. We have a vendor management program to manage cybersecurity risks associated with our use of these providers. The program includes a review of certain vendor s written security program, a risk assessment for certain vendors, and imposition of information security contractual obligations on such vendors. 114 For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including If our information technology systems or data, or those of third parties upon which we rely, are or were compromised, we could experience adverse consequences resulting from such compromise, including but not limited to regulatory investigations or actions litigation and mass arbitration demands fines and penalties disruptions of our business operations reputational harm loss of revenue or profits loss of customers or sales and other adverse consequences . Governance Our board of directors addresses the Company s cybersecurity risk management as part of its general oversight function. The Audit Committee is responsible for overseeing the Company s cybersecurity risk management processes, including oversight of mitigation of risks from cybersecurity threats. Our cybersecurity risk assessment and management processes are implemented and maintained by our Cybersecurity Risk Management Team, including Sean Ryder (General Counsel) and an external cybersecurity consultant with over 15 years of experience providing cybersecurity services and training (who is also a member of the Company s Cybersecurity Risk Management Team) and an external information technology consultant. Our CEO is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company s overall risk management strategy, and communicating key priorities to relevant personnel. The Company s Cybersecurity Risk Management Team is responsible for developing budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports. Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our CFO and CEO. Our CFO and CEO work with the Company s Incident Response Team to help the Company mitigate and remediate cybersecurity incidents of which they are notified. In addition, the Company s incident response and vulnerability management processes include reporting to the Audit Committee for certain cybersecurity incidents. The board of directors and Audit Committee receive regular reports from the Company s Cybersecurity Risk Management Team concerning the Company s significant cybersecurity threats and risk and the processes the Company has implemented to address them. The board of directors and Audit Committee also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.

Company Information