NEXGEL, INC. 10-K Cybersecurity GRC - 2024-04-09

Page last updated on April 11, 2024

NEXGEL, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-09 22:00:20 EDT.

Filings

10-K filed on 2024-04-09

NEXGEL, INC. filed an 10-K at 2024-04-09 22:00:20 EDT
Accession Number: 0001493152-24-014127

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We have implemented a number of security measures designed to protect our systems and data, including firewalls, antivirus and malware detection tools, patches, log monitors, and routine back-ups,. In addition, we have continued our efforts to migrate our platforms to cloud-based computing, which is designed to further strengthen our security posture. Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes the following: the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls cybersecurity awareness training of our employees, incident response personnel, and senior management and There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information. Cybersecurity Governance Our Board considers cybersecurity risks as part of its risk oversight. The Board oversees management s implementation of our cybersecurity risk management program and receives updates on the cybersecurity risk management program from management at least annually. In addition, management updates the Board regarding any material or significant cybersecurity incidents, as well as incidents with lesser impact potential as necessary. Ongoing Risks We have not experienced any material cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. Incident Response and Assessment Policies and Procedures We align with industry-standard cybersecurity frameworks designed to protect the company and customer data from unintentional disclosure, cybersecurity events, and other threats of all severity levels. As part of our alignment with these frameworks we are in the process of implementing a Cybersecurity Incident Response Plan that outlines actions to be taken after identifying a suspected information security breach and the people responsible for managing those actions. Additionally, this plan will outline communication responsibilities during incidents of all severity levels.

Company Information