ELITE PHARMACEUTICALS INC /NV/ 10-K Cybersecurity GRC - 2024-07-01

Page last updated on July 16, 2024

ELITE PHARMACEUTICALS INC /NV/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-01 16:59:27 EDT.

Filings

10-K filed on 2024-07-01

ELITE PHARMACEUTICALS INC /NV/ filed a 10-K at 2024-07-01 16:59:27 EDT
Accession Number: 0001493152-24-025829

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY As part of the Company’s overall enterprise risk management processes, the Company maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The underlying processes and controls of the Company’s cyber risk management program incorporate recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”). Elite has an annual assessment performed by a third-party specialist of the Company’s cyber risk management program against the NIST CSF. The annual risk assessment identifies, quantifies, and categorizes material cyber risks. In addition, the Company, in conjunction with the third-party cyber risk management specialists develop a risk mitigation plan to address such risks, and where necessary, remediate potential vulnerabilities identified through the annual assessment process. In addition, Elite maintains processes to help govern the processes put in place by management designed to protect the Company’s IT assets, data, and services from threats and vulnerabilities. Elite employs additional key practices within the cybersecurity risk management program including, but not limited to maintenance of an IT assets inventory, identity access management controls including restricted access of privileged accounts, physical security measures at Company facilities, information protection (IPS)/detection systems (IDS) including maintenance of firewalls, network and data traffic monitoring and automated alerting, and critical data backups to reduce cybersecurity risk. Cybersecurity partners to the Company, including, consultants, and other third-party service providers are a key part of Elite Pharmaceutical’s cybersecurity risk management strategy and infrastructure. Elite partners with industry recognized cybersecurity providers leveraging third-party technology and expertise and engages with these partners to monitor and maintain the performance and effectiveness of IT assets, data, and services that are deployed in the Company’s environment. The cybersecurity partners provide services including, but not limited to systems inventory monitoring, user management, network protection and monitoring, IPS/IDS management, remote access monitoring and management, user activity monitoring, data backups management, cybersecurity strategy, and cyber risk advisory, including assessment and remediation. Elite’s management team, in conjunction with cybersecurity service providers is responsible for oversight and administration of Elite’s cyber risk management program, and for informing senior management and other relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. The Company’s management team has prior experience selecting, deploying, and overseeing cybersecurity technologies, initiatives, and processes directly or via selection of strategic third-party partners, and also relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by Elite for strategic cyber risk management, advisory and decision making. 43 The Audit Committee of the Board of Directors oversees Elite’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity stakeholders, including members of management assigned with cybersecurity oversight responsibility and/or third-party consultants providing cyber risk services brief the Audit Committee on cyber vulnerabilities identified through the risk management process, the effectiveness of Elite’s cyber risk management program, and the emerging threat landscape and new cyber risks on at least an annual basis. This includes updates on processes to prevent, detect, and mitigate cybersecurity incidents. The Company also relies on threat intelligence and other information obtained from governmental, public, or private sources, including external consultants engaged by the Company for strategic cyber risk management, advisory and decision making. Elite has implemented third-party risk management processes to manage the risks associated with reliance on vendors, critical service providers, and other third-parties that may lead to a service disruption or an adverse cybersecurity incident. This includes service level agreement monitoring and contract negotiations. Elite faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. Elite acknowledges that the risk of cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of its business. However, as of the date of this Annual Report on Form 10-K, the Company is not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect Elite’s business strategy, financial condition, results of operations, or cash flows. The Company proactively seeks to detect and investigate unauthorized attempts and attacks against Company IT assets, data, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to Company service delivery; however, potential vulnerabilities to known or unknown threats will still remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject the Company to additional liability and reputational harm. In response to such risks, the Company has implemented initiatives such as implementation of the cybersecurity risk assessment process and development of an incident response plan. See Item 1A. “Risk Factors” for more information on cybersecurity risks.

Company Information