Incannex Healthcare Inc. 10-K Cybersecurity GRC - 2024-09-30

Page last updated on October 1, 2024

Incannex Healthcare Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-30 07:30:21 EDT.

Filings

10-K filed on 2024-09-30

Incannex Healthcare Inc. filed a 10-K at 2024-09-30 07:30:21 EDT
Accession Number: 0001213900-24-082937

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy In the ordinary course of our business, we may collect, store, use, transmit, disclose, or otherwise process proprietary, confidential, and sensitive information, including personal information (such as health-related information), data related to clinical trials, intellectual property, and trade secrets. We depend on both our own systems, networks, and technology, as well as the systems, networks and technology of our collaborative partners, third-party service providers and other business partners, to safeguard our data. We recognize the critical importance of maintaining the trust and confidence of customers, business partners and employees toward our business and are committed to protecting the confidentiality, integrity and availability of our business operations and systems. Cybersecurity Program We face risks related to cybersecurity such as unauthorized access, cybersecurity attacks and other cybersecurity incidents, including as perpetrated by hackers, and unintentional damage or disruption to hardware and software systems, loss of data, and misappropriation of confidential, personal, and other sensitive or proprietary information. To identify and assess material risks from cybersecurity threats, we maintain a comprehensive cybersecurity program designed to ensure that our systems are effective and prepared for information security risks, including regular oversight of our programs for security monitoring for internal and external threats to ensure the confidentiality and integrity of our information assets. We consider risks from cybersecurity threats alongside other company risks as part of our overall risk assessment process. We engage industry recognized third-party cybersecurity consultants and technology to assist us with monitoring and maintaining the performance and effectiveness of our systems, network, and data. We maintain a cybersecurity risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program, in conjunction with our enterprise risk management assessment processes, addresses cybersecurity risks to our information technology environment including systems, hardware, software, data, people, and processes. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading " If our information technology systems or data, or those of third parties upon which we rely, are of were compromised, we could experience adverse consequences resulting from such compromise, including regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, and other loss of revenue or profits, " which disclosures are incorporated by reference herein. Process for Assessing, Identifying and Managing Material Risks from Cybersecurity Threats We engage third-party cybersecurity professionals and consultants, including those that provide cybersecurity risk advisory and information technology administration services, as a key component of our cybersecurity risk management strategy. Such third parties also generally assist us with oversight and administration of our cybersecurity risk management program and inform senior management and other relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. We utilize third-party specialists to conduct annual assessments of our cybersecurity risk management program, which incorporate recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology Cybersecurity Framework. The annual risk assessment identifies, quantifies, and categorizes material cybersecurity risks. In addition, in conjunction with our third-party cybersecurity risk management specialists, we develop a risk mitigation plan to address identified risks, and where necessary, remediate potential vulnerabilities. In addition, we maintain information security processes designed to safeguard and manage confidential, personal, and other sensitive or proprietary data, manage access and user accounts, and protect our information technology assets, data, and services from threats and vulnerabilities. We also maintain an information technology assets inventory, identity access management controls including restricted access to privileged accounts, and physical security measures at our facilities. Our processes also address cybersecurity threat risks associated with our use of third-party service providers, including our suppliers and manufacturers who have access to our data or our systems. In addition, cybersecurity considerations affect the selection and oversight of our third-party service providers. We perform diligence on third parties that have access to our systems, data or facilities that house such systems or data, and continually monitor cybersecurity threat risks identified through such diligence. Additionally, we generally require those third parties that could introduce significant cybersecurity risk to us to agree by contract to manage their cybersecurity risks in specified ways, and to agree to be subject to cybersecurity audits, which we conduct as appropriate. During the last fiscal year, we have not experienced any material cybersecurity incidents. 76 Governance Management Oversight Our cybersecurity program is overseen by our management team with assistance from our third-party information technology and cybersecurity consultants, with responsibility to lead our enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. This includes management of our controls and processes employed to assess, identify and manage material risks from cybersecurity threats. Our management team selects, deploys, and oversees cybersecurity technologies, initiatives, and processes directly or via selection of strategic third-party partners, and relies on threat intelligence as well as other information obtained from governmental, public, or private sources, including external consultants engaged for strategic cybersecurity risk management, advisory and decision making. Board Oversight Our board of directors oversees our cybersecurity risk exposures and the steps taken by our management team to monitor and mitigate cybersecurity risks. Our management team, in consultation with our third-party information technology and cybersecurity consultants, brief our board of directors on assessing and managing cybersecurity risks. In addition, cybersecurity risks are reviewed by our board of directors at least annually, as part of our corporate risk oversight processes. Our third-party information technology and cybersecurity consultants and management team provide periodic reports to our board of directors on cyber vulnerabilities identified through the risk management process, the effectiveness of our cybersecurity risk management program, the emerging threat landscape, and new cybersecurity risks on at least an annual basis. Such reports include updates on the processes to prevent, detect, and mitigate cybersecurity incidents.

Company Information