Page last updated on March 3, 2025
ANI PHARMACEUTICALS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-28 07:05:36 EST.
Filings
10-K filed on 2025-02-28
ANI PHARMACEUTICALS INC filed a 10-K at 2025-02-28 07:05:36 EST
Accession Number: 0001023024-25-000015
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk management and strategy We rely on information technology systems and various software applications to operate our business. To address cybersecurity risks, we have implemented a comprehensive process for identifying, assessing, and managing material threats, and integrating these measures into our overall risk management framework. Our Security Operations Team and Security Audit/Advisory Team play a key role in this strategy. Our senior leadership team, in collaboration with representatives from the Security Operations Team, as well as the legal, human resources, and finance departments, are responsible for developing and executing the company’s overall risk management program, including cybersecurity policies. To enhance security, we have established an Information Security Program with a formal written security and incident response policy. This policy outlines methods for assessing, identifying, and mitigating risks. Our cybersecurity program incorporates multiple security layers, and we engage external security consultants to assess, audit, and monitor our security controls and events. Additionally, we require third-party service providers to implement and maintain appropriate security measures and promptly report any suspected breaches that may impact the Company. We also maintain a cybersecurity insurance policy. We have invested in relevant tools and technologies to protect our data and business partners. Our Security Operations Team continuously monitors risks specific to our industry. We also leverage third-party assessors, consultants, and advisors to enhance our cybersecurity risk assessment and mitigation efforts. To foster a security-conscious culture, we have implemented a cybersecurity awareness program that educates employees on identifying and reporting threats. We conduct periodic phishing campaigns and training sessions to equip employees with the necessary skills to manage and defend against prevalent cybersecurity risks. Additionally, employees in specialized IT roles receive targeted training, including tabletop exercises, among other training. We continuously update and improve our cybersecurity program through independent assessments, penetration testing, and system vulnerability scanning. Our security framework follows a hybrid approach, incorporating best practices from the Center for Internet Security framework and incorporating relevant standards from the National Institute of Standards and Technology Cybersecurity framework. We also undergo an annual third-party assessment to evaluate the maturity of our cybersecurity program. Additionally, we periodically engage external advisors to assess our program’s effectiveness, strengthen policies, and identify potential vulnerabilities. Our Security Operations Team led by VP of Technology, collaborates regularly with IT network teams and other management stakeholders to review and address cybersecurity risks and opportunities. We have a global incident response plan with defined incident management protocols, escalation timelines, and responsibilities among other policies to manage data and its risks. As of the date of this Annual Report on Form 10-K, we are not aware of any previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company. Governance Our board of directors, with delegation to the audit committee, as appropriate, retains oversight of the Company’s cybersecurity risks. The senior leadership team provides periodic reports to our board of directors, as well as the Chief Executive Officer and audit committee as necessary . In addition, we have contracted with certified security experts that act as an extension of the internal information technology team for all security related items. These communications include potential risks facing the Company, assessments and evaluations of our cybersecurity environment, results of internal controls testing, and reports on our on-going initiatives to strengthen our cybersecurity framework. 59 Ta b l e of Contents
Company Information
| Name | ANI PHARMACEUTICALS INC |
| CIK | 0001023024 |
| SIC Description | Pharmaceutical Preparations |
| Ticker | ANIP - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |