AGIOS PHARMACEUTICALS, INC. 10-K Cybersecurity GRC - 2024-02-15

Page last updated on April 11, 2024

AGIOS PHARMACEUTICALS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-15 10:33:02 EST.

Filings

10-K filed on 2024-02-15

AGIOS PHARMACEUTICALS, INC. filed an 10-K at 2024-02-15 10:33:02 EST
Accession Number: 0001439222-24-000035

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, and protect employee, collaborator and patient information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards, response plans, regular tests on our systems, incident simulations and routine review of our policies and procedures to identify risks and refine our practices. We engage certain external parties, including consultants, computer security firms and risk management advisors, peer companies, industry groups and governance experts, to enhance our cybersecurity oversight including by gaining valuable insights into the ever-evolving cybersecurity landscape. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. The Audit Committee of our Board of Directors provides direct oversight over cybersecurity risk, and provides updates to the Board of Directors regarding such oversight. The Audit Committee receives periodic updates from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents. Our Vice President, Information Technology and Facilities, or the VP of IT, leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. Our VP of IT has worked in the information technology field for over 20 years at both biotechnology companies and management consulting firms, and holds a Bachelor of Science in Management and a Masters of Business Administration. We also maintain a team of experienced senior level engineers who design, implement and operate our information technology ecosystem, helping to implement cybersecurity best practices throughout our information technology infrastructure and governance processes. We periodically assess our processes against cybersecurity frameworks, such as the National Institute of Standards and Technology, or NIST, Cybersecurity Framework, Center for Internet Security, or CIS, Controls, and International Organization for Standardization, or ISO, 27001. In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educates employees on the importance of reporting all incidents immediately. We also use technology-based tools that are designed to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.

Company Information