VERU INC. 10-K Cybersecurity GRC - 2024-12-16

Page last updated on December 16, 2024

VERU INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-16 15:48:54 EST.

Filings

10-K filed on 2024-12-16

VERU INC. filed a 10-K at 2024-12-16 15:48:54 EST
Accession Number: 0001437749-24-037576

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to materially protect the confidentiality, integrity and availability of our critical systems and information. Our cybersecurity risk management program includes policies and processes for assessing, identifying, and managing risk from cybersecurity threats as well as a cybersecurity incident response plan. Our cybersecurity risk management program is integrated into our overall risk management system and processes, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other strategic, operational, legal, compliance, and financial risk areas. Our cybersecurity policies and procedures are designed to ensure that appropriate cybersecurity measures and controls are developed, implemented, and maintained, with assistance from a third-party service provider. These policies and procedures and the resulting safeguards are designed and evaluated in light of our risk assessments. We have implemented access controls, firewalls, and intrusion detection and prevention systems, vulnerability and patch management processes, and we also use a variety of other automated tools and manual processes to safeguard our information systems. We maintain a business continuity and disaster recovery plan designed to enhance our incident response preparedness. We also require employees to undergo security awareness training when hired and based on periodic phishing tests. As of the date of this Annual Report on Form 10-K, we have not identified risks from known cybersecurity threats, including or as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For additional information regarding risks to us from cybersecurity threats, see “Risk Factors” in Item 1A. of this report. Governance One of the key functions of our board of directors is risk oversight, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly and through the audit committee. Our Chief Financial Officer is primarily responsible for assessing and managing our material risks from cybersecurity threats with assistance from a third-party service provider. Our Chief Financial Officer supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which include quarterly briefings from our third-party service provider and alerts and reports produced by security tools deployed in the IT environment. Our Chief Financial Officer has over 10 years of experience in overseeing our cybersecurity and information technology programs. We also rely on our third-party service provider for advice and expertise on monitoring evolving industry standards and best practices. Our Chief Financial Officer provides periodic briefings to the board of directors regarding the Company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cyber security systems testing, and activities of third parties.

Company Information