UNITED GUARDIAN INC - (UG)
10-K Filing Date: March 22, 2024
We continue to augment the capabilities of our people, processes, and technologies in order to address our cybersecurity risks. Our cybersecurity risks, and the controls designed to mitigate those risks, are integrated into our overall risk management governance and are reviewed yearly by our Board of Directors.
Risk Management and Strategy
We have implemented a set of comprehensive cybersecurity and data protection policies and procedures. Risks from cybersecurity threats are regularly evaluated as a part of our broader risk management activities and as a fundamental component of our internal control system. Our employees receive annual cybersecurity awareness training, including specific topics related to social engineering and email fraud. We utilize an outsourced information technology firm and consultants with significant expertise in cybersecurity. We invest in advanced technologies for continuous cybersecurity monitoring across our information technology environment, which are designed to prevent, detect, and minimize cybersecurity attacks, as well as alert management of such attacks.
Our Information Technology General Controls are firmly established based on the National Institute of Standards and Technology (“NIST”) cybersecurity framework and cover areas such as risk management, data backup, and disaster recovery. We have utilized an outsourced information technology consultant to reduce and monitor security threats and vulnerabilities. As part of our gap analysis, identified vulnerabilities have been, and will continue to be, promptly addressed with our senior business leadership and our Board of Directors.
Governance
Our Board of Directors is responsible for overseeing our cybersecurity risk management and strategy. Our President regularly meets with and provides periodic briefings to our Board of Directors regarding our cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like.