REVIVA PHARMACEUTICALS HOLDINGS, INC. 10-K Cybersecurity GRC - 2024-04-15

Page last updated on April 15, 2024

REVIVA PHARMACEUTICALS HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-15 08:22:16 EDT.

Filings

10-K filed on 2024-04-15

REVIVA PHARMACEUTICALS HOLDINGS, INC. filed an 10-K at 2024-04-15 08:22:16 EDT
Accession Number: 0001437749-24-011955

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Cybersecurity Risk Management We, like other companies in our industry, face several cybersecurity risks in connection with our business. Our business strategy, results of operations, and financial condition have not, to date, been affected by risks from cybersecurity threats. During the reporting period, we have not experienced any material cyber incidents, nor have we experienced a series of immaterial incidents, which would require disclosure. In the ordinary course of our business, it is our policy to minimize our data footprint. We do not use, store and process data of our, partners, collaborators, and vendors in our facilities and instead outsource such functions to expert third parties. Our intellectual property data is not stored on site. We only maintain a bare minimum amount of employee data. By fully outsourcing our IT environment and placing it within expert third party software-as-a-service, human resource, and clinical providers, our primary means of avoiding cyber risk is not having sensitive data within our enterprise. All third parties are managed by our chief executive officer ( CEO ), and we review our vendors to ensure that they have risk management procedures in place, including physical, procedural, and technical safeguards. We have implemented a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to data and our systems. Our cybersecurity risk management program incorporates several components, which include multifactor authentication, access control, data segregation, password requirements, vendor management, email filtering, basic logging, malware protection, and an endpoint security tool. Additionally, we maintain a cyber insurance policy. Governance Under the ultimate direction of our CEO, with oversight from our board of directors, we maintain a security governance structure to evaluate and address cyber risk. Our CEO regularly consults with our Chief Financial Officer ( CFO ) and third-party IT consultant who has expertise in cybersecurity to develop strategies to assess, address and align cybersecurity efforts with our business objectives and operational requirements. Our board of directors is responsible for the oversight of cybersecurity risk management, including oversight of information security and cybersecurity threats and related compliance and disclosure requirements. On an annual and as-needed basis, our CEO provides an update to our board of directors regarding our cybersecurity risk management program, including any critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. Our CEO also notifies our audit committee of any cybersecurity incidents (suspected or actual) and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.

Company Information