Apimeds Pharmaceuticals US, Inc. 10-K Cybersecurity GRC - 2025-04-15

Page last updated on April 15, 2025

Apimeds Pharmaceuticals US, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 17:24:45 EDT.

Filings

10-K filed on 2025-04-15

Apimeds Pharmaceuticals US, Inc. filed a 10-K at 2025-04-15 17:24:45 EDT
Accession Number: 0001213900-25-032206

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Managing Material Risks & Integrated Overall Risk Management In the normal course of business, we may collect and store certain sensitive company information, including proprietary and confidential business information. We maintain various protections designed to safeguard against cyberattacks, including firewalls, key-based authentication, and virtual private networks. We protect against business interruption by backing up our major systems. We consider these cybersecurity risk management efforts as part of our broader risk management framework. This integration helps ensure that cybersecurity considerations are a fundamental part of our decision-making processes. Our management team works with our audit committee and board of directors (the “Board”) to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Engage Third Parties on Risk Management To date, we have not engaged independent third parties to assess the risks associated with our information technology resources and information assets. In the future, we may engage third parties to analyze data on the interactions of users of our information technology resources, including our employees, and evaluate the performance of our cybersecurity systems and processes. Oversee Third Party Risk We utilize various third-party software applications in the functioning of our core business. We consider the cybersecurity practices of our third-party service providers, including through a general security assessment and contractual requirements, as appropriate, before engaging them in order to help protect us from any related vulnerabilities. Our assessment of risks associated with the use of third-party providers is part of our overall risk management framework. Risks from Cybersecurity Threats We face risk from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. To date, we have not experienced any previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. 25 Governance Board of Directors Oversight Our Board is aware of the critical nature of managing risks associated with cybersecurity threats, and recognizes the significance of these threats to our operational integrity and stockholder confidence. Risk Management Personnel The audit committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain as part of its broader responsibility for risk assessment and management. The audit committee is responsible for escalating significant cybersecurity matters and strategic risk management decisions to the Board, granting the Board comprehensive oversight and the ability to provide guidance on critical cybersecurity issues. We intend for the audit committee to review the Company’s cybersecurity posture and the effectiveness of its risk management strategies annually and brief the full Board with respect to the Company’s cybersecurity posture and potential risks on a regular basis, with a minimum frequency of once per year. Management’s Role Managing Risk and Reporting to the Board We do not currently have an employee who has significant and demonstrated professional IT management experience and possesses the requisite education, skills and experience needed to develop and execute our cybersecurity strategies. Presently, our senior management is responsible for monitoring our cybersecurity risks and maintaining an ongoing dialogue with the audit committee regarding emerging or potential cybersecurity risks as needed. The relationship between senior management and the audit committee regarding current and emerging cybersecurity concerns helps to integrate cybersecurity consideration into the Company’s broader strategic objectives.

Company Information