Oncotelic Therapeutics, Inc. 10-K Cybersecurity GRC - 2025-04-15

Page last updated on April 15, 2025

Oncotelic Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 16:57:03 EDT.

Filings

10-K filed on 2025-04-15

Oncotelic Therapeutics, Inc. filed a 10-K at 2025-04-15 16:57:03 EDT
Accession Number: 0001641172-25-004846

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY RISK MANAGEMENT, STRATEGY, AND GOVERNANCE. Risk management and strategy The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Managing Material Risks & Integrated Overall Risk Management The Company has strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our risk management team works to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Engage Third-parties on Risk Management, as required Recognizing the complexity and evolving nature of cybersecurity threats, the Company plans to engage external experts, including cybersecurity assessors and auditors in evaluating and testing our risk management systems. These partnerships would enable us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our possible collaborations with these third-parties will innclude regular audits, threat assessments, and consultation on security enhancements. Oversee Third-party Risk Because we are aware of the risks associated with third-party service providers, the Company plans to implement processes to oversee and manage these risks. We plan to conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring will include periodic assessments by our Chief Executive Officer (“CEO”). This approach will be planned to design to mitigate risks related to data breaches or other security incidents originating from third-parties. 36 Risks from Cybersecurity Threats We have no t encountered cybersecurity challenges that have materially impaired our operations or financial standing. Governance The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board plans to establish robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence, Board of Directors Oversight The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. In the absence of a functional Audit Committee at this time, the full Board of Directors will be responsible to oversight the cybersecurity risks for the Company. Management’s Role Managing Risk The CEO plays a pivotal role in informing the Board of Directors on cybersecurity risks. The CEO provides comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including: ● Current cybersecurity landscape and emerging threats; ● Status of ongoing cybersecurity initiatives and strategies; ● Incident reports and learnings from any cybersecurity events; and ● Compliance with regulatory requirements and industry standards.

Company Information