Genprex, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on July 16, 2024

Genprex, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 17:25:23 EDT.


10-K filed on 2024-04-01

Genprex, Inc. filed a 10-K at 2024-04-01 17:25:23 EDT
Accession Number: 0001437749-24-010426

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management We, like other companies in our industry, face several cybersecurity risks in connection with our business. Our business strategy, results of operations, and financial condition have not, to date, been affected by risks from cybersecurity threats. During the reporting period, we have not experienced any material cyber incidents, nor have we experienced a series of immaterial incidents, which would require disclosure. In the ordinary course of our business, we use, store and process data including data of our employees, partners, collaborators, and vendors. To effectively prevent, detect, and respond to cybersecurity threats, we maintain a cyber risk management program, which is comprised of a wide array of policies, standards, architecture, and processes. The cyber risk management program falls under the responsibility of our Director of IT & GxP Quality Systems, who has more than 15 years of experience, including cross-functional expertise in IT compliance and GXP systems. Under the guidance of our Director of IT & GxP Quality Systems, reporting up to our Chief Financial Officer, we develop, maintain, and evidence the policies, standards, and processes in a manner consistent with applicable legal requirements. We also utilize a variety of cybersecurity software from reputable vendors in cybersecurity. We have implemented a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to this data and our systems and ensure the effectiveness of our security controls. Our cybersecurity risk management program is Systems and Organization Controls (SOC)-certified and incorporates a number of components, including information security program assessments, continuous monitoring of critical risks from cybersecurity threats using automated tools, internal audits, and employee training. We deploy a wide range of security tools across the environment, require multifactor authentication, hold client data on a separate virtual private cloud (VPC), and implement access control policies that further limit access to data within the systems. We periodically conduct internal audits and are consistently evaluating our cyber readiness. As a result, we have not identified any material cybersecurity risks and are continuously hardening our environment, systems and infrastructure to reduce our vulnerability to attack. Additionally, our program includes regular cybersecurity training for all employees. For further information regarding cybersecurity risks, please refer to “Risk Factors - Risks Related to Development and Commercialization of Our Current and Future Product Candidates” and other risks described in the “Risk Factors” section of this Annual Report on Form 10-K. Governance Our board of directors is responsible for the oversight of cybersecurity risk management. The board of directors delegates oversight of the cybersecurity risk management program to the audit committee of the board of directors (the “Audit Committee”). Our Chief Financial Officer reports to the Audit Committee. The Audit Committee updates the board of directors on our cybersecurity risk management program, including any critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards on an annual and as-needed basis.

Company Information

NameGenprex, Inc.
SIC DescriptionPharmaceutical Preparations
TickerGNPX - Nasdaq
Emerging growth company
Fiscal Year EndDecember 30