Anixa Biosciences Inc 10-K Cybersecurity GRC - 2025-01-10

Page last updated on January 10, 2025

Anixa Biosciences Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-10 17:18:53 EST.

Filings

10-K filed on 2025-01-10

Anixa Biosciences Inc filed a 10-K at 2025-01-10 17:18:53 EST
Accession Number: 0001493152-25-001787

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Overview Our IT and related systems are critical to the efficient operation of our business and essential to our ability to perform day to day processes. We face persistent security threats, including threats to our IT infrastructure and unlawful attempts to gain access to our confidential or otherwise proprietary information, or that of our employees, via phishing/malware campaigns and other cyberattack methods. Our security policies and processes are based on industry best practices and are revisited regularly to ensure their appropriateness based on risk, threats and current technological capabilities. We regularly assess our threat landscape and monitor our systems and other technical security controls, maintain information security practices and ensure maintenance of backup and protective systems. We review System and Organization Controls 1 (SOC 1 Type II) certifications where relevant from key third party partners and other service providers with access to information assets at least annually. Our internal controls and procedures address cybersecurity and include processes intended to ensure that security breaches are reported to appropriate personnel and, if warranted, analyzed for potential disclosure. We also maintain insurance coverage that is intended to address certain aspects of cybersecurity risks. To date, there have not been any cybersecurity threats that have materially affected the Company. Governance Board Oversight of Cybersecurity Matters Assessing and managing information security matters is the responsibility of our Audit Committee. The Audit Committee meets with the senior executives, specifically the Chief Executive Officer and Chief Financial Officer on at least an annual basis to discuss cybersecurity posture. The Audit Committee may also periodically receive targeted briefings related to cybersecurity and reviews our incident response capabilities. 26 Management of Cybersecurity Risks The senior executives work to protect our information systems from cybersecurity threats and to promptly assist in coordinating a response to any cybersecurity incidents in accordance with our cybersecurity incident response and recovery plans. We have engaged an IT Managed Service Provider who assists in the oversight of our corporate-wide data security, including developing, implementing and enforcing security policies to manage our overall cybersecurity risks. The senior executives regularly meet with our IT Managed Service Provider during the course of the year to review and discuss cybersecurity issues. Strategy Our Security Culture We protect our information assets and manage risk by promoting a culture that communicates security risks, designs secure IT systems and operates according to approved processes to reduce the likelihood and impact of security incidents. We achieve this objective by: ● designing, implementing and maintaining solutions with appropriate security controls; ● sustaining solutions with required patching and vulnerability remediation; ● creating and executing controls in support of policy as well as regulatory compliance; ● ensuring that our policies, processes, practices and technologies proactively protect, shield, defend and remediate cyber threats; and ● delivering quality communications and annual training to stakeholders on cyber awareness and computing hygiene. We believe that the conduct of our employees is critical to the success of our information security. We keep our employees apprised of threats, risks and the part that they play in protecting both themselves and the Company. We assess our service providers prior to allowing our information to be processed, stored or transmitted by third parties, and we include standardized contractual requirements in each contract where appropriate. We validate our service providers’ security via questionnaires, open-source intelligence and, where appropriate, SOC 1 Type II reports on financially significant third-party service providers. Our process also includes regular monitoring of risk related to third parties on a periodic basis or when services or product purchases expand beyond their original scope or intended use.

Company Information