Anebulo Pharmaceuticals, Inc. 10-K Cybersecurity GRC - 2024-09-25

Page last updated on September 26, 2024

Anebulo Pharmaceuticals, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-25 16:30:38 EDT.

Filings

10-K filed on 2024-09-25

Anebulo Pharmaceuticals, Inc. filed a 10-K at 2024-09-25 16:30:38 EDT
Accession Number: 0001493152-24-038127

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management Strategy We are a clinical stage biotechnology company focused on developing and commercializing new treatments for patients suffering from ACI and substance addiction. We and our third-party service providers, such as CROs, collect, process, transmit, and store sensitive data on our systems, including intellectual property, proprietary or confidential business information, and a variety of personal data. We rely on third parties, including cloud vendors, for various business functions. We select key third-party service providers based on several factors, including the type of data processed and the nature of services offered, and we oversee such key third-party service providers by conducting vendor diligence upon onboarding and ongoing monitoring, including a review of SOC-1 reports on an annual basis. We have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. Those processes include response to and an assessment of internal and external threats to the security, confidentiality, integrity and availability of our data and information systems, along with other material risks to our operations. In addition, we have implemented procedures over certain areas such as access on/offboarding and account management to help govern the processes put in place by management designed to protect our IT assets, data, and services from threats and vulnerabilities. Governance Management is responsible for the day-to-day management of the risks we face, while our board of directors has responsibility for the oversight of risk management, including risks from cybersecurity threats. The audit committee has primary responsibility for oversight of cybersecurity and is briefed on cybersecurity risks at least once a year and following any material cybersecurity incidents. Our board of directors receives periodic updates from our audit committee regarding matters of cybersecurity. Our board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any significant updates to our cybersecurity risk management and initiatives. As of the date of this Annual Report on Form 10-K, we have not experienced a cybersecurity incident that resulted in a material effect on our business strategy, results of operations, or financial condition. For more information, see “Risk factors - If our internal information technology systems or sensitive information, or those of our third-party CROs or other contractors or consultants, are or were compromised, we could experience adverse consequences from such compromise, including but not limited to, a material disruption of the development of our product candidates, regulatory investigations or actions, litigation, fines and penalties, reputational harm, loss of revenue or profits, and other adverse consequences.”

Company Information