ADMA BIOLOGICS, INC. 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 25, 2026

ADMA BIOLOGICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 17:16:08 EST.

Filings

10-K filed on 2026-02-25

ADMA BIOLOGICS, INC. filed a 10-K at 2026-02-25 17:16:08 EST
Accession Number: 0001140361-26-006815

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the importance of managing the material risks of cybersecurity threats, and we have implemented processes for identifying and assessing cybersecurity risks and incidents. We have also integrated these processes into our overall risk management system, including senior management's periodic reviews of cybersecurity risks or threats. Senior management oversees and works closely with our IT department to continuously review and evaluate cybersecurity risks in alignment with our business goals and needs. With respect to cybersecurity risks and threats, we utilize various third-party consultants and advisors to assist us with regular reviews, internal audits and best practices, including threat prevention and detection, security reviews and enhancements, penetration testing and full scope IT audits. ADMA also has strict processes in place for the review of third-party service providers engaged, including thorough security assessments before engagement and annual monitoring of their IT environments and controls. Governance Our President and Chief Executive Officer and Chief Operating Officer are primarily responsible for timely updating the Board and Audit Committee about any material cybersecurity incidents or threats or any cybersecurity related issues worthy of their attention. Our Board has designated the Audit Committee as the primary committee responsible for overseeing, reviewing and managing cybersecurity risks and threats at ADMA. The Audit Committee is comprised of Board members with diverse experience in healthcare, finance and information technology, enabling them to effectively oversee cybersecurity risks and threats. Our management team, with assistance from third-party consultants or advisors as appropriate, provides quarterly updates regarding cybersecurity risks and threats to the Audit Committee and ad hoc updates or communications are provided to the entire Board as needed. The IT Operations team is primarily responsible for the timely identification, review, severity assessment and management of cybersecurity incidents. In the event of a cybersecurity incident, the IT Department leadership follows the procedures outlined in our Cybersecurity Incident Response Policy and works closely with management to form a Security Incident Response Team comprised of members from the appropriate functional teams. In accordance with this policy, senior management will also communicate the occurrence of any significant cybersecurity incidents to our Board, Audit Committee and auditors on a timely basis and will keep them informed of the remediation plans and progress. We maintain cybersecurity insurance coverage in an amount appropriate for our risk profile. We also conduct mandatory cybersecurity training for employees annually, and all new hires are required to complete cybersecurity training within 90 days of receiving their Company computer. Periodically, management conducts simulated phishing exercises to evaluate the effectiveness of its training programs. Employees who fall victim to these simulations may be required to participate in additional remedial cybersecurity training. Employees within our IT Department receive ongoing cybersecurity awareness communications, including monthly newsletters highlighting emerging cybersecurity threats and developments, as well as targeted communications as appropriate. Separately, the IT Department periodically conducts cybersecurity tabletop exercises with assistance from third-party experts. Lessons learned from these exercises are incorporated into management's ongoing assessment of cybersecurity risks and mitigation strategies. In addition, members of the IT Department maintain industry recognized certifications related to cybersecurity, threat detection, and incident management. The Company also supports ongoing development by enabling IT personnel to participate in industry-led conferences and forums to stay informed of evolving cybersecurity trends, threats, and best practices. Insights gained through these activities are considered as part of ADMA's broader cybersecurity risk management program.

Company Information