XML 45 R24.htm IDEA: XBRL DOCUMENT v3.25.1
CYBERSECURITY RISK MANAGEMENT AND STRATEGY DISCLOSURE
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy

We recognize the importance of managing the material risks of cybersecurity threats, and we have implemented processes for identifying and assessing cybersecurity risks and incidents. We have also integrated these processes into our overall risk management system, including senior management’s periodic reviews of cybersecurity risks or threats. Senior management oversees and works closely with our IT department to continuously review and evaluate cybersecurity risks in alignment with our business goals and needs.


With respect to cybersecurity risks and threats, we utilize various third-party consultants and advisors to assist us with regular reviews, internal audits and best practices, including threat prevention and detection, security reviews and enhancements, penetration testing and full scope IT audits. ADMA also has strict processes in place for the review of third-party service providers engaged, including thorough security assessments before engagement and annual monitoring of their IT environments and controls.


During the year ended December 31, 2023, as initially disclosed in our Quarterly Report on Form 10-Q for the period ending June 30, 2023 and updated elsewhere in our subsequent filings with the SEC, we experienced an IT systems disruption, which did result in a non-recurring charge to our results of operations. There was no original financial systems data loss or any evidence of data exfiltrated due to this disruption. Normal course operations quickly resumed across the Company’s business units.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have also integrated these processes into our overall risk management system, including senior management’s periodic reviews of cybersecurity risks or threats. Senior management oversees and works closely with our IT department to continuously review and evaluate cybersecurity risks in alignment with our business goals and needs.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

During the year ended December 31, 2023, as initially disclosed in our Quarterly Report on Form 10-Q for the period ending June 30, 2023 and updated elsewhere in our subsequent filings with the SEC, we experienced an IT systems disruption, which did result in a non-recurring charge to our results of operations. There was no original financial systems data loss or any evidence of data exfiltrated due to this disruption. Normal course operations quickly resumed across the Company’s business units.
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance

Our President and Chief Executive Officer and Chief Operating Officer are primarily responsible for timely updating the Board and Audit Committee about any material cybersecurity incidents or threats or any cybersecurity related issues worthy of their attention.


Our Board has designated the Audit Committee as the primary committee responsible for reviewing and managing cybersecurity risks and threats at ADMA. The Audit Committee is comprised of Board members with diverse experience in healthcare, finance and information technology, enabling them to effectively oversee cybersecurity risks and threats. Our management team, with assistance from third-party consultants or advisors as appropriate, provides quarterly updates regarding cybersecurity risks and threats to the Audit Committee and ad hoc updates or communications are provided to the entire Board as needed.


The Data Integrity and IT Operations team are primarily responsible for the timely identification, review, severity assessment and management of cybersecurity incidents. In the event of a cybersecurity incident, the IT Department leadership follows the procedures outlined in our Cybersecurity Incident Response Policy and works closely with management to form a Security Incident Response Team comprised of members from the appropriate functional teams. In accordance with this policy, senior management will also communicate the occurrence of any significant cybersecurity incidents to our Board, Audit Committee and auditors on a timely basis and will keep them informed of the remediation plans and progress.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board has designated the Audit Committee as the primary committee responsible for reviewing and managing cybersecurity risks and threats at ADMA.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our management team, with assistance from third-party consultants or advisors as appropriate, provides quarterly updates regarding cybersecurity risks and threats to the Audit Committee and ad hoc updates or communications are provided to the entire Board as needed.
Cybersecurity Risk Role of Management [Text Block]

The Data Integrity and IT Operations team are primarily responsible for the timely identification, review, severity assessment and management of cybersecurity incidents. In the event of a cybersecurity incident, the IT Department leadership follows the procedures outlined in our Cybersecurity Incident Response Policy and works closely with management to form a Security Incident Response Team comprised of members from the appropriate functional teams. In accordance with this policy, senior management will also communicate the occurrence of any significant cybersecurity incidents to our Board, Audit Committee and auditors on a timely basis and will keep them informed of the remediation plans and progress.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Data Integrity and IT Operations team are primarily responsible for the timely identification, review, severity assessment and management of cybersecurity incidents.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Audit Committee is comprised of Board members with diverse experience in healthcare, finance and information technology, enabling them to effectively oversee cybersecurity risks and threats.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

The Data Integrity and IT Operations team are primarily responsible for the timely identification, review, severity assessment and management of cybersecurity incidents. In the event of a cybersecurity incident, the IT Department leadership follows the procedures outlined in our Cybersecurity Incident Response Policy and works closely with management to form a Security Incident Response Team comprised of members from the appropriate functional teams. In accordance with this policy, senior management will also communicate the occurrence of any significant cybersecurity incidents to our Board, Audit Committee and auditors on a timely basis and will keep them informed of the remediation plans and progress.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true