ACTUATE THERAPEUTICS, INC. 10-K Cybersecurity GRC - 2025-03-13

Page last updated on March 14, 2025

ACTUATE THERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-13 16:30:23 EDT.

Filings

10-K filed on 2025-03-13

ACTUATE THERAPEUTICS, INC. filed a 10-K at 2025-03-13 16:30:23 EDT
Accession Number: 0001683168-25-001581

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management Strategy We have implemented and recently enhanced various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer systems, third-party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and data related to our clinical studies, manufacturing, and employees. We engage an external entity to employ processes for assessing, identifying, and managing material risks from cybersecurity threats that are incorporated into our overall risk management system. These items are designed to help protect our information assets from internal and external threats and protect the integrity and confidentiality of our data. Our system includes procedural and technical safeguards, response plans, and reviews of our policies. In addition, our recently enhanced information security process includes cybersecurity and prevention training for all employees and key consultants, including timely and relevant topics covering social engineering, phishing, mobile security, and data protection and the need for reporting incidents and suspicious events immediately. Although we develop and maintain systems and controls designed to prevent cybersecurity threats from occurring, and we have a process to identify and mitigate threats, the development and maintenance of these systems, controls and processes is costly and requires ongoing monitoring and updating as technologies change and efforts to overcome security measures become increasingly sophisticated. Moreover, despite our efforts, the possibility of these events occurring cannot be eliminated entirely. As we outsource more of our information systems to vendors, engage in more electronic transactions with service providers, and rely more on cloud-based information systems, the related security risks will increase and we will need to expend additional resources to protect our technology and information systems. In addition, there can be no assurance that our internal information technology systems or those of our third-party contractors, or our consultants’ efforts to implement adequate security and control measures, will be sufficient to protect us against breakdowns, service disruption, data deterioration or loss in the event of a system malfunction, or prevent data from being stolen or corrupted in the event of a cyberattack, security breach, industrial espionage attacks or insider threat attacks which could result in financial, legal, business or reputational harm. As of the date of this Report, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Cybersecurity Governance Our senior management team conducts the regular assessment and management of material risks from cybersecurity threats, including review with our third-party service provider. All employees and consultants are directed to report to our senior management any irregular or suspicious activity that could indicate a cybersecurity threat or incident. The Audit Committee of our Board of Directors periodically reviews our cybersecurity assessment and management policies, as appropriate. 100

Company Information