REVIVA PHARMACEUTICALS HOLDINGS, INC. 10-K Cybersecurity GRC - 2025-04-02

Page last updated on April 4, 2025

REVIVA PHARMACEUTICALS HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-02 19:47:23 EDT.

Filings

10-K filed on 2025-04-02

REVIVA PHARMACEUTICALS HOLDINGS, INC. filed a 10-K at 2025-04-02 19:47:23 EDT
Accession Number: 0001437749-25-010791

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Cybersecurity Risk Management We, like other companies in our industry, face several cybersecurity risks in connection with our business. Our business strategy, results of operations, and financial condition have not, to date, been affected by risks from cybersecurity threats. During the reporting period, we have not experienced any material cyber incidents, nor have we experienced a series of immaterial incidents, which would require disclosure. In the ordinary course of our business, it is our strategy to minimize our data footprint; however, appropriate protocols are initiated and assessed to ensure proper security of the data we own. Cybersecurity partners, including assessors, consultants, advisors and other third-party service providers, are a key part of our cybersecurity risk management strategy and infrastructure. We partner with industry recognized cybersecurity providers leveraging third-party technology and expertise and engage with these partners to monitor and maintain the performance and effectiveness of IT assets, data and services. We do not use, store and process data of our partners, collaborators, and vendors in our facilities and instead outsource such functions to expert third parties. Our intellectual property data is not stored on site. We only maintain a bare minimum amount of employee data. By fully outsourcing our IT environment and placing it within expert third party software-as-a-service, human resource, and clinical providers, our primary means of avoiding cyber risk is not having sensitive data within our enterprise. We have implemented a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to data and our systems. Our cybersecurity risk management program incorporates several components, which include multifactor authentication, access control, data segregation, password requirements, email filtering, activity logging, malware protection, and an endpoint security tool. Additionally, we maintain a cyber insurance policy. The Company’s management team has prior experience selecting, deploying, and overseeing cybersecurity technologies, initiatives, and processes directly or via selection of strategic third-party partners. All third parties are reviewed by our chief executive officer (“CEO”), and including to ensure that they have risk management procedures in place, including physical, procedural, and technical safeguards. Additionally, the SOC 1 and/or SOC 2 reports of all critical vendors are obtained and analyzed on an annual basis in order to determine the effectiveness of third-party control environments. Governance Under the ultimate direction of our CEO, with oversight from our board of directors, we maintain a security governance structure to evaluate and address cyber risk. Our CEO regularly consults with our Chief Financial Officer (“CFO”) and third-party IT consultant who have expertise in cybersecurity to develop strategies to assess, address and align cybersecurity efforts with our business objectives and operational requirements. Our board of directors, in conjunction with third-party IT and cybersecurity service providers are responsible for oversight and administration of our cyber risk management program, and for informing senior management and other relevant participants in these processes regarding the prevention, detection, mitigation and remediation of cybersecurity incidents. Our leadership team has experience selecting and overseeing cybersecurity technologies, initiatives, and processes directly or via selection of strategic third-party partners. Our board of directors is responsible for the oversight of cybersecurity risk management, including oversight of information security and cybersecurity threats and related compliance and disclosure requirements. On an annual and as-needed basis, our CEO provides an update to our board of directors regarding our cybersecurity risk management program, including any critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. Our CEO also notifies our audit committee of any cybersecurity incidents (suspected or actual) and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.

Company Information