Dermata Therapeutics, Inc. 10-K Cybersecurity GRC - 2025-03-17

Page last updated on March 17, 2025

Dermata Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-17 16:15:32 EDT.

Filings

10-K filed on 2025-03-17

Dermata Therapeutics, Inc. filed a 10-K at 2025-03-17 16:15:32 EDT
Accession Number: 0001654954-25-002885

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy In the ordinary course of our business, we may use, store and process confidential information and data. To effectively prevent, detect, and respond to cybersecurity threats, we maintain a cyber risk management program, which is comprised of data segregation, physical, procedural, and technical safeguards along with some documented policies and procedures. By fully outsourcing our IT environment and placing it within expert third party software-as-a-service, human resource, and clinical providers, our primary means of minimizing cybersecurity risk is limiting the amount of sensitive data within our enterprise . We have certain processes for assessing, identifying, and managing cybersecurity risks, which are built into our overall information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, and protect employee, collaborator, and patient information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural, and technical safeguards, response plans, tests on our systems, review of our policies and procedures to identify risks and refine our practices. We engage certain external parties, including IT consultants and computer security firms, to enhance our cybersecurity oversight including by gaining valuable insights into the ever-evolving cybersecurity landscape. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities. In an effort to deter and detect cyber threats, we regularly provide all employees with a data protection, cybersecurity, incident response, and prevention, training and compliance program, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educates employees on the importance of reporting all incidents immediately. We also use technology-based tools that are designed to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. Governance; Board Oversight Under the ultimate direction of our Chief Executive Officer , with oversight from our Board and Audit Committee (as described below), we maintain a security governance structure to evaluate and address cybersecurity risks. Our Chief Executive Officer regularly consults with our Chief Financial Officer and third-party IT consultants and computer security firms, leveraging and relying upon these consultants’ cybersecurity expertise, to develop strategies that assess and address threats while aligning cybersecurity efforts with business objectives and operational requirements. The Audit Committee of our Board provides direct oversight over cybersecurity risk and provides updates to the Board regarding such oversight on a periodic basis . The Audit Committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents. The Audit Committee also notifies the Board of any cybersecurity incidents (suspected or actual) and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.

Company Information