Edesa Biotech, Inc. 10-K Cybersecurity GRC - 2024-12-13

Page last updated on December 13, 2024

Edesa Biotech, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-13 16:45:31 EST.

Filings

10-K filed on 2024-12-13

Edesa Biotech, Inc. filed a 10-K at 2024-12-13 16:45:31 EST
Accession Number: 0001171843-24-006946

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY. Risk Management and Strategy In the ordinary course of our business, we, and third parties upon which we rely, collect, use, store and transmit confidential, sensitive, proprietary, personal and protected health information. The secure maintenance of this information is important to our operations and business strategy. To this end, we have implemented various cybersecurity plans and processes designed to manage cybersecurity risks relating to our third party hosted services, communications systems, hardware and software, and our critical data, including data related to our clinical trials and investigational products. One of our strategies to mitigate cybersecurity risks is to utilize expert third-party software-as-a-service, human resource, and clinical providers to store and manage personally identifiable information, rather than maintaining and processing such data within our enterprise. We select reliable, reputable service providers that maintain cybersecurity programs of their own and other measures to comply with privacy and security requirements, including when applicable Canada’s Personal Information Protection and Electronic Document Act (PIPEDA) and the U.S. Health Insurance Portability and Accountability Act (HIPAA). Depending on the nature of the services provided, the sensitivity and quantity of information processed and the identity of the service provider, we may also contractually impose certain security obligations on the provider. Our executive leadership exerts operational oversight of our cybersecurity as part of our overall risk management function. We engage an expert IT and security provider to assist us with managing security risk and responding to cybersecurity threats or incidents. We have designed our business applications and hosting services to minimize the impact that cybersecurity incidents could have on our business and utilize back-up and recovery systems where appropriate. We also use other technology-based tools that are designed to mitigate and detect cybersecurity risks. In addition, we provide our employees with cybersecurity training, including topics such as phishing, password protection and reporting cyber incidents. 41 Governance Our board of directors oversees our risk management strategy with respect to cybersecurity threats. The board, through its audit committee, holds regular meetings, at least quarterly, to discuss issues including our cybersecurity threats. The meetings involve presentations and reports from our executive leadership and security provider, concerning our cybersecurity risk management activities, including any critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. Management also notifies the audit committee of any cybersecurity incidents (suspected or actual) and provides updates on the incidents as appropriate. Material Effects of Cybersecurity Incidents As of the date of this report, we have not identified any cybersecurity event or risks from cybersecurity threats that, individually or in the aggregate, would materially affect us. Notwithstanding, we, or third parties upon which we relay, may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us or our business strategy, results of operations or financial condition. For further information, refer to Section 1A, Risk Factors, for a discussion of risks related to cybersecurity and technology, including, without limitation, the risk factor under the heading " We rely significantly on information technology and any failure, inadequacy, interruption or security lapse of that technology, including any cybersecurity incidents, could harm our ability to operate our business effectively "

Company Information