UNITED GUARDIAN INC 10-K Cybersecurity GRC - 2025-03-21

Page last updated on March 21, 2025

UNITED GUARDIAN INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-21 09:00:32 EDT.

Filings

10-K filed on 2025-03-21

UNITED GUARDIAN INC filed a 10-K at 2025-03-21 09:00:32 EDT
Accession Number: 0001171843-25-001611

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We continue to augment the capabilities of our people, processes, and technologies to address our cybersecurity risks. Our cybersecurity risks, and the controls designed to mitigate those risks, are integrated into our overall risk management governance and are reviewed yearly by our Board of Directors. We take steps to protect our data and third-party data we receive through the implementation of technological and organizational measures designed to reduce the risk from cybersecurity threats, including data theft or destruction. We have undertaken a program of annual enterprise-wide cybersecurity risk assessments and have implemented policies, procedures, and programs designed to help manage the risks to which we are exposed in our business. As part of our risk management process, we have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems, as well as the systems of third parties on whom we rely, such as any cloud hosting partners. Our cybersecurity program is designed to assess, identify, and manage material risks and vulnerabilities to our security posture, including prioritizing and remediating cybersecurity risks. Our program includes, among other things: - Incorporation of cybersecurity in our overall enterprise risk management processes, including periodic risk assessments and tools used to track and monitor risks. - Regular reviews of cybersecurity risks and mitigation efforts. - Use of software and hardware tools and services to help safeguard our systems, information, and data. - Assessments designed to help identify cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment. - An employee information security training program to educate employees on various cybersecurity risks and mitigation strategies. - Policies and processes governing our third-party security risks. 16 Risk Management and Strategy We have implemented a set of comprehensive cybersecurity and data protection policies and procedures. Risks from cybersecurity threats are regularly evaluated as a part of our broader risk management activities and as a fundamental component of our internal control system. Our employees receive ongoing cybersecurity awareness training, including specific topics related to social engineering and email fraud. We utilize an outsourced information technology firm and consultants with significant expertise in cybersecurity. We invest in advanced technologies for continuous cybersecurity monitoring across our information technology environment which are designed to prevent, detect, and minimize cybersecurity attacks, as well as alert management of such attacks. Our Information Technology General Controls are firmly established based on the National Institute of Standards and Technology (“NIST”) cybersecurity framework and cover areas such as risk management, data backup, and disaster recovery. We have utilized an outsourced information technology consultant to reduce and monitor security threats and vulnerabilities. As part of our gap analysis, identified vulnerabilities have been, and will continue to be, promptly addressed with our senior business leadership and our Board of Directors. Governance Our Board of Directors is responsible for overseeing our cybersecurity risk management and strategy. Our President regularly meets with and provides periodic briefings to our Board of Directors regarding our cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like.

Company Information