Processa Pharmaceuticals, Inc. - (PCSA)

10-K Filing Date: March 29, 2024
Item 1C. Cybersecurity

 

Cybersecurity Risk Management and Strategy

 

We have established processes to assess, identify, and manage cybersecurity risks. These processes are integrated into our overall risk management program and are designed to protect our information assets from internal and external cyber threats and include:

 

  implementing physical, procedural, and technical safeguards;
  developing and maintaining comprehensive response plans;
  engaging with external cybersecurity experts to enhance our oversight and keep pace with evolving threats; and
  considering the cybersecurity capabilities of partners and third-party service providers, both prior to engaging them and on an ongoing basis.

 

Cybersecurity Governance and Oversight

 

Our Board of Directors provides direct oversight of cybersecurity risk and has delegated to its audit committee the responsibility of reviewing and discussing with management our risk exposures relating to cybersecurity. The Board of Directors and the audit committee will receive regular updates from management on cybersecurity matters and are promptly informed by management about any significant new threats or incidents. In the future, management and our third-party service providers will conduct reviews at least once annually of our cybersecurity readiness to ensure continuous improvement in our cybersecurity strategies.

 

46
 

 

We have implemented mechanisms to monitor and manage cybersecurity threats and incidents, including utilization of tools for continuous monitoring of our IT environment to detect and mitigate threats, a fundamental plan for responding to cyber incidents and training for employees to recognize and report potential cybersecurity incidents and to foster a culture of cybersecurity awareness and vigilance. Our Chief Administrative Officer, along with a third-party service provider, are responsible for operational oversight of our cybersecurity strategy and policies. Any identified cybersecurity incident is reported to our Chief Administrative Officer who evaluates the severity of the incident. Based on this assessment, further steps are taken involving other members of management and, depending on the severity, the audit committee and the Board of Directors. We believe this structured approach allows us to effectively manage and mitigate cybersecurity risks, safeguarding our systems and data against various digital threats. Additionally, our proactive stance is supported by cybersecurity insurance, which further reinforces our preparedness against potential cyber threats.

 

Cybersecurity Incident Reporting and Management

 

During the years ended December 31, 2022 and 2023, we have not identified any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, we remain vigilant and prepared to respond effectively to any incidents, should they arise.