PROVECTUS BIOPHARMACEUTICALS, INC. - (PVCT)

10-K Filing Date: March 28, 2024
ITEM 1C. CYBERSECURITY.

 

Provectus Biopharmaceuticals understands the importance of managing risks from cybersecurity threats and maintains a comprehensive cybersecurity program developed with reference to the National Institute of Standards and Technology (“NIST”) cybersecurity framework. Our cybersecurity program includes administrative, organizational, technical, and physical safeguards reasonably designed to protect the confidentiality, integrity, and availability of our data. We devote significant resources to network, operations, and product security, data encryption, business continuity/disaster recovery, vulnerability management, event monitoring and incident response, and other measures to protect our systems and data from unauthorized external access or internal misuse.

 

Our use of information systems for accessing, transmitting, and storing data is a vital aspect of our business operations. Information systems can be vulnerable to a range of cybersecurity threats that could potentially have a material impact on our business, results of operations, and financial condition.

 

Cybersecurity is a key category within our risk management efforts, and our cybersecurity risk management is intended to assist in assessing, identifying, and managing material risks from cybersecurity threats to the Company’s information systems. Our cybersecurity risk management and strategy are based upon utilizing systems that are cloud-based which require multifactor authentication to access. Due to our small size, we partner with a third-party service provider which utilizes multiple security operations centers. The security operations centers maintain, monitor, mitigate, and alert on threats against the cloud systems that we utilize. If a risk is identified, the security operations center has the ability to shut down access to any user in the Company.

 

The Audit Committee of our Board of Directors is responsible for oversight of the Company’s cybersecurity risk management. Management’s role is to assist the Audit Committee in identifying and considering material cybersecurity risks, ensure implementation of management- and employee-level cybersecurity practices and training, and provide the Audit Committee with unrestricted access to Company personnel and documents regarding any cybersecurity attacks or vulnerabilities.

 

We also require our employees to participate in cybersecurity training and awareness programs. The Company’s employees are expected to help safeguard the Company’s information systems and to assist in the discovery and reporting of cybersecurity incidents. These programs are intended to decrease cybersecurity risks associated with human error and foster a culture of cybersecurity consciousness.

 

To date, the risks from cybersecurity threats, including because of any previous immaterial cybersecurity incidents, have not materially affected nor are reasonably likely to materially affect our business strategy, results of operations, or financial condition. While our insurance covers certain cybersecurity-related matters, the costs related to cybersecurity threats or disruptions may not be fully insured.

 

© 2024 Material-Incidents. All rights reserved.