Estrella Immunopharma, Inc. 10-K Cybersecurity GRC - 2024-09-26

Page last updated on September 27, 2024

Estrella Immunopharma, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-26 19:50:52 EDT.

Filings

10-K filed on 2024-09-26

Estrella Immunopharma, Inc. filed a 10-K at 2024-09-26 19:50:52 EDT
Accession Number: 0001213900-24-082374

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy Estrella has adopted cybersecurity principles modeled after its parent company, Eureka, which outsources its IT support to a third-party provider. Estrella’s IT infrastructure is limited due to its size and scope, and it has not conducted a formal standalone IT risk assessment. Because it has not conducted a formal standalone IT risk assessment, Estrella’s process for assessing, identifying, and managing material risks from cybersecurity threats has not been fully integrated into its overall risk management system or process. Estrella does not have a formal process established to oversee and identify cybersecurity threats and risks associated with its reliance on the third-party IT support provider of Eureka. However, it has implemented several key cybersecurity measures, focusing heavily on cloud-based solutions to protect its financial data and communications. Key cybersecurity risk management strategies include: ● Data Backup and Recovery: Estrella stores all critical data in the cloud and does not maintain on-premise servers. Daily backups are conducted and monitored to protect financial and operational data from loss or breach. Periodic restore tests are also performed to verify the integrity of the data. ● Two-Factor Authentication: Access to Estrella’s data and email, hosted on Office 365, is protected by two-factor authentication, providing an additional layer of security against unauthorized access. ● Data Access Control: Financial data is stored on a dedicated SharePoint site, with access restricted to relevant personnel only, ensuring tight control over sensitive information. ● Email Protection: Estrella employs Exchange Online Protection (EOP) for email filtering, Data Loss Prevention (DLP) to prevent accidental sharing of sensitive information, and basic email encryption to secure communications. Governance Cybersecurity oversight at Estrella is integrated into Eureka’s IT governance framework. Eureka’s IT Governance Committee, which consists of the CEO from the third-party IT provider and Eureka’s operations team, oversees cybersecurity risk assessments and controls. The third-party IT provider has more than three decades of experience in providing strategic planning and IT outsourcing to companies, with cybersecurity professionals on staff that specialize in NIST compliance. Estrella’s CEO is responsible for ensuring that cybersecurity measures relevant to Estrella are in place and effective. Estrella’s management works closely with Eureka’s IT Governance Committee to ensure that Estrella benefits from Eureka’s comprehensive cybersecurity practices. Although Estrella does not have a dedicated cybersecurity officer, Eureka’s IT Governance Committee, oversees the IT support provided by the third-party IT provider to Estrella. Any critical cybersecurity incidents or risks identified are communicated to Estrella’s board for review and action. In the event of a cybersecurity incident, the board is promptly informed, and measures are taken in coordination with Eureka’s IT Governance Committee and third-party IT provider to address and mitigate any risks. Estrella’s board is committed to ensuring that cybersecurity remains a priority and that all necessary steps are taken to protect the company’s data and operations. During the year ended June 30, 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, we may not be aware of all vulnerabilities or might not accurately assess the risks of incidents, and such preventative measures cannot provide absolute security and may not be sufficient in all circumstances or mitigate all potential risks.

Company Information