ADMA BIOLOGICS, INC. - (ADMA)
10-K Filing Date: February 28, 2024
Cybersecurity
Risk Management and Strategy
We recognize the importance of managing the material risks of cybersecurity threats, and we have implemented processes for identifying and assessing cybersecurity risks and incidents. We have also integrated these processes into our overall risk management system, including senior management’s periodic reviews of cybersecurity risks or threats. Senior management oversees and works closely with our IT department to continuously review and evaluate cybersecurity risks in alignment with our business goals and needs.
With respect to cybersecurity risks and threats, we utilize various third-party consultants and advisors to assist us with regular reviews, internal audits and best practices, including threat prevention and detection, security reviews and enhancements, penetration testing and full scope IT audits. ADMA also has strict processes in place for the review of third-party service providers engaged, including thorough security assessments before engagement and annual monitoring of their IT environments and controls.
During the year ended December 31, 2023, as initially disclosed in our Quarterly Report on Form 10-Q for the period ending June 30, 2023 and updated elsewhere in our subsequent filings with the SEC, including this Annual Report on Form 10-K, we experienced an IT Systems Disruption, which did result in a non-recurring charge to our results of operations. There was no original financial systems data loss or any evidence of data exfiltrated due to this disruption. Normal course operations have resumed across the Company’s business units.
Governance
Our Chief Executive Officer and Chief Financial Officer are primarily responsible for timely updating the Board and Audit Committee about any material cybersecurity incidents or threats or any cybersecurity related issues worthy of their attention.
Our Board has designated the Audit Committee as the primary committee responsible for reviewing and managing cybersecurity risks and threats at ADMA. The Audit Committee is comprised of Board members with diverse experience in healthcare, finance and information technology, enabling them to effectively oversee cybersecurity risks and threats. Our management team, with assistance from third-party consultants or advisors as appropriate, provides quarterly updates regarding cybersecurity risks and threats to the Audit Committee and ad hoc updates or communications are provided to the entire Board as needed.
The Data Integrity and IT Operations team are primarily responsible for the timely identification, review, severity assessment and management of cybersecurity incidents. In the event of a cybersecurity incident, the IT Department leadership follows the procedures outlined in our Cybersecurity Incident Response Policy and works closely with management to form a Security Incident Response Team comprised of members from the appropriate functional teams. In accordance with this policy, senior management will also communicate the occurrence of any significant cybersecurity incidents to our Board, Audit Committee and auditors on a timely basis and will keep them informed of the remediation plans and progress.