ANI PHARMACEUTICALS INC - (ANIP)
10-K Filing Date: February 29, 2024
Item 1C. Cybersecurity
Risk management and strategy
We maintain a comprehensive process for identifying, assessing and managing material risks arising from cybersecurity threats, and have integrated these into our overall risk management processes. Our senior leadership team, along with representatives from our information technology, legal, human resources and finance departments, are responsible for developing the Company’s overall risk management program and are also responsible for executing our cybersecurity policies.
40
We are establishing a formal written information security policy and incident response policy which outlines the methods for assessing, identifying, and managing risks related to the Company. We’ve developed a robust cybersecurity program which includes multiple security layers. We understand the importance of a strong cybersecurity framework and have hired external security consultants to assess, audit, and monitor its security controls and events. We also ensure that third-party service providers have the ability to implement and maintain appropriate security measures in connection with their work with us, and to promptly report any suspected breach of its security measures that may affect our company. In addition, we maintain a cybersecurity insurance policy. Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats.
Governance
Our board of directors, with delegation to the audit committee, as appropriate, retains oversight of the Company’s cybersecurity risks. The senior leadership team provides periodic reports to our board of directors, as well as the Chief Executive Officer and audit committee as necessary. In addition, we have contracted with certified security experts that act as an extension of the internal information technology team for all security related items. These communications include potential risks facing the Company, assessments and evaluations of our cybersecurity environment, results of internal controls testing, and reports on our on-going initiatives to strengthen our cybersecurity framework.