Synaptogenix, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Synaptogenix, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 17:00:56 EDT.

Filings

10-K filed on 2024-04-01

Synaptogenix, Inc. filed an 10-K at 2024-04-01 17:00:56 EDT
Accession Number: 0001410578-24-000410

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity We recognize the critical importance of maintaining the trust and confidence of business partners and employees toward our business and are committed to protecting the confidentiality, integrity and availability of our business operations and systems. Our Board is actively involved in oversight of our risk management activities, and cybersecurity represents an important element of our overall approach to risk management. In general, we seek to address cybersecurity risks by utilizing reputable third party vendors and service providers to manage and maintain our information systems and assets in accordance with strong cybersecurity policies, standards, processes and practices, and by preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. 64 Table of Contents We consider risks from cybersecurity threats alongside other company risks as part of our overall risk assessment process. We face risks related to cybersecurity such as unauthorized access, cybersecurity attacks and other security incidents, including as perpetrated by hackers and unintentional damage or disruption to hardware and software systems, loss of data, and misappropriation of confidential information. To identify and assess material risks from cybersecurity threats, we maintain policies to ensure our systems are effective and prepared for information security risks. For example, our Synaptogenix Information Security Policy, which applies to all employees, contractors and third parties granted access to our systems and provides guidelines for maintaining information security, including safeguarding personal and company-issued digital devices, learning to detect phishing and other attacks, restricting data transfer, and ensuring the judicious use of the internet and social media. We also maintain a more general Risk Management Strategy that sets forth our procedures for identifying, assessing, responding to, monitoring, and reporting risks, including any cyber-related risks. Our approach to addressing cybersecurity threat risks also includes mitigating risk associated with our use of third-party service providers. For example, when we enter into contracts with third-party collaborators or vendors pursuant to which sensitive business or personal data will be shared or accessible, we include provisions safeguarding the protection of confidential information. We also utilize a third party service provider to maintain our information systems and assets and to employ technical safeguards that are designed to protect our information systems from cybersecurity threats. Our incident response plan coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess severity for, escalate, contain, investigate and remediate the incident, as well as to comply with potentially applicable legal obligations and mitigate damage to our business and reputation. We maintain an Information Security Incident Response form that directs a detector of any incident to report such incident to our Information Security Officer, whom we contract through a third party service provider. Following notice of any such incident, our Information Security Officer would then work with our Chief Financial Officer and our Board to establish an appropriate response plan and to determine the materiality of the incident and any disclosure obligations. As discussed in more detail under Cybersecurity Governance below, our Board provides oversight of our risk management and strategy processes. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading We may be unable to adequately protect our information systems from cyberattacks, which could result in the disclosure of confidential or proprietary information, including personal data, damage our reputation, and subject us to significant financial and legal exposure, which disclosures are incorporated by reference herein. In the last three fiscal years, we have not experienced any material cybersecurity incidents and the expenses we have incurred from cybersecurity incidents were immaterial. This includes penalties and settlements, of which there were none. Cybersecurity Governance Management Cybersecurity is part of our overall risk management processes. In general, our Board oversees risk management activities designed and implemented by our management, and considers specific risks, including, for example, risks associated with our strategic plan, business operations, and capital structure. Any cybersecurity incident that occurs would be brought to the immediate attention of the Board. Our cybersecurity risk management and strategy processes, which are discussed in greater detail above, are led by a contracted third-party Information Security Officer. Such individual has over 25 years of experience in information technology, including over 14 years of experience in cybersecurity, and has a master s degree in cybersecurity. Our Information Security Officer is informed about and monitors our cybersecurity risk through his participation in the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. 65 Table of Contents

Company Information