Assertio Holdings, Inc. 10-K Cybersecurity GRC - 2025-03-12

Page last updated on March 12, 2025

Assertio Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-12 17:14:59 EDT.

Filings

10-K filed on 2025-03-12

Assertio Holdings, Inc. filed a 10-K at 2025-03-12 17:14:59 EDT
Accession Number: 0001808665-25-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity
ITEM 1C. CYBERSECURITY Risk Management and Strategy In the ordinary course of our business, we collect, use, store, and transmit digitally large amounts of confidential, sensitive, proprietary, personal, and health-related information. The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we have implemented processes designed to assess, identify, and manage risks arising from internal and external cybersecurity threats and vulnerabilities from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by a third-party information technology team , which reports to our Senior Vice President of Human Resources and Administration, and includes mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data while also maintaining a stable information technology environment. For example, we conduct penetration and vulnerability testing, data recovery testing, security audits, and ongoing risk assessments, including due diligence on and audits of our key technology vendors. We have an incident response plan designed to mitigate and remediate identified cybersecurity incidents at both Assertio and our customers and vendors and escalate certain incidents to management and, as appropriate, the Audit Committee. We also conduct periodic employee trainings on cyber and information security, among other topics. As needed, we consult with outside advisors and experts to assist with assessing, identifying, and managing cybersecurity risks in order to anticipate future threats and trends, and their impact on the Company’s risk environment. Cybersecurity risks and threats are integrated into our enterprise risk management (“ERM”) program, which establishes a risk management framework that seeks to identify and assess risks that could materially impact our business and operations. Governance The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Board oversees the ERM program and oversees an enterprise-wide approach to risk management, including risks related to cybersecurity. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board of Directors to oversee cybersecurity risks. The Audit Committee receives, at a minimum, quarterly updates on cybersecurity and information technology matters and related risk exposures from our Senior Vice President of Human Resources and Administration as well as other members of the senior leadership team, including, if necessary, the Chief Financial Officer. The Board also receives updates from management and the Audit Committee on cybersecurity risks on at least an annual basis. Our Senior Vice President of Human Resources and Administration, who reports directly to our Chief Executive Officer and has been responsible for overseeing the assessment and management of cybersecurity risks at Assertio for approximately a year and a half. Since the beginning of the last fiscal year, there were no identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, bu t we face certain ongoing cybersecurity risks threats that, if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face is 43 discussed in Part I, Item 1A , “Risk Factors,” under the heading “Business interruptions, including data breaches an d cyber-attacks can compromise our intellectual property or other sensitive information and cause significant damage to our business, can limit our ability to operate our business, and adversely impact the success of our commercialization partners.”

Company Information