CorMedix Inc. 10-K Cybersecurity GRC - 2025-03-25

Page last updated on March 25, 2025

CorMedix Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-25 08:30:21 EDT.

Filings

10-K filed on 2025-03-25

CorMedix Inc. filed a 10-K at 2025-03-25 08:30:21 EDT
Accession Number: 0001013762-25-001852

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Management and Strategy The Company has processes in place for assessing, identifying, preventing, and managing material risks from cybersecurity threats, including related to the use of third-party service providers. In addition, the Company leverages the security and monitoring tools of third-party service providers. These processes are integrated into the Company’s overall risk management program and systems, as overseen by the Board, primarily through the Audit Committee. We maintain physical, technical and administrative safeguards to prevent and identify cybersecurity risks, and have implemented practices and procedures to address cybersecurity risks. To this end, among other things, we: ● provide annual mandatory training for our employees regarding cybersecurity threats as a means to equip them with effective tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices; ● conduct regular simulation modules for all employees to enhance awareness and responsiveness to possible threats; ● conduct cybersecurity management and incident training for employees involved in our systems and processes that handle sensitive data; and ● carry cyber liability insurance that is intended to provide protection against the potential losses arising from a cybersecurity incident. We are currently working with outside counsel to further develop a formal cybersecurity incident response plan as a part of our review of and improvements to the Company’s cybersecurity policies. While we are regularly exposed to malicious technology-related events and threats, none of these, either individually or in the aggregate of related occurrences, have materially affected the Company in the period covered by this Annual Report on Form 10-K. In determining materiality, cybersecurity incidents are reviewed not only for potential financial impacts, which could include potential legal and regulatory penalties, stolen assets or funds, system damage, forensic and remediation costs, lost revenue or litigation costs, but also the breadth and sensitivity of data exposure, data exfiltration, impacts on the ability to operate our business or provide our services and loss of investor confidence. Governance The Board executes its oversight responsibility for risk management both directly and through delegating oversight of certain risks to its committees. The Board has authorized the Audit Committee to oversee risks related to cybersecurity threats. Our Audit Committee has primary oversight responsibility for cybersecurity and information security risk management and controls. As part of its oversight function, the Audit Committee oversees the Company’s risk assessment and risk management policies, including related to cybersecurity and the overall data protection program. Our senior management is responsible for assessing and managing the Company’s various exposures to risk, including those related to cybersecurity, on a day-to-day basis, including the identification of risks through an enterprise risk management framework and the creation of appropriate risk management programs and policies to address such risks. In particular, the Company’s Senior Manager, IT, has 24 years of experience in enterprise IT and has primary responsibility for managing our cybersecurity program and efforts. Our finance and IT teams are responsible for the testing and audit of our information-technology related internal controls. 29 See Item 1A, Risk Factors , for additional information on the Company’s cybersecurity risk profile, in particular the risk factor under the headings entitled " Risks relating to data privacy could create additional liabilities for us “.

Company Information