Prelude Therapeutics Inc 10-K Cybersecurity GRC - 2024-02-15

Page last updated on April 11, 2024

Prelude Therapeutics Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-15 17:22:26 EST.

Filings

10-K filed on 2024-02-15

Prelude Therapeutics Inc filed an 10-K at 2024-02-15 17:22:26 EST
Accession Number: 0000950170-24-016016

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We are increasingly dependent upon information technology systems, infrastructure and data to operate our business. These systems are connected to and/or accessed from the Internet and, as a result, are susceptible to cyber-attacks. In the ordinary course of business, we collect, store and transmit confidential information (including but not limited to intellectual property, proprietary business information and personal information). It is critical that we do so in a secure manner to maintain the confidentiality and integrity of such confidential information. A material cyber-attack on our systems, or any other third-party partners or vendors and their key operating systems, may interrupt our ability to operate our business, damage our reputation, or result in monetary damages. Prelude has established an Information Security Policy (“IS Policy”) in order to establish the high-level direction for properly managing the use, privacy, security, retention, and disposal of Prelude s information and its assets. The IS Policy was prepared using relevant guidance issued and technology standards that are used across various industries. The IS policy applies to all entities who are using Prelude s equipment and resources, including but not limited to: employees, contractors, temporary workers, any third parties with access to the Prelude’s resources, and cloud IT providers. Prelude’s Head of Information Technology (“IT”) also serves as our Information Security Officer and is primarily responsible for implementing and overseeing the IS Policy and identifying, measuring, monitoring, and reporting on key enterprise-wide risks, including cybersecurity risks. Prelude has also established an Incident Response Policy which includes reporting thresholds and follows standardized identification and authentication practices. If an incident is identified, it is documented by Prelude’s Head of IT, who in turn, will report the incident to necessary management members. Board Governance and Management Prelude s Information Security Officer provides updates on information technology risks, controls and procedure, including Prelude s plans to mitigate cybersecurity risks and respond to data breaches to Prelude’s executive leadership team. Our Information Security Officer has over 20 years of experience in information security and possesses the requisite education, skills, experience, and industry certifications expected of an individual assigned to these duties. The Chief Financial Officer and the Chief Legal Officer report to the Chair of the Audit Committee prompt and timely information regarding any significant cybersecurity incident. The significant incident will be reported to the remaining Audit Committee members, as well as ongoing updates regarding any such incident until it has been addressed. Such incidents, as warranted, will be reviewed by the Board of Directors. The Board of Directors has delegated responsibility for cybersecurity risk oversight to the Audit Committee, which is responsible for (i) regularly reviewing with management significant cybersecurity, privacy, and IT risks or exposures, and the Company s policies and processes with respect to risk assessment and risk management of the same; (ii) regularly reviewing with management an assessment of the steps management has taken to monitor and control such risks; and (iii) regularly reporting to the full Board of Directors on such matters. The Chair of the Audit Committee has expertise in risk management which includes IT and cybersecurity. Notwithstanding the approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. See Item 1A. Risk Factors for a discussion of cybersecurity risks.

Company Information