FATE THERAPEUTICS INC 10-K Cybersecurity GRC - 2024-02-26

Page last updated on April 11, 2024

FATE THERAPEUTICS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-26 16:10:56 EST.

Filings

10-K filed on 2024-02-26

FATE THERAPEUTICS INC filed an 10-K at 2024-02-26 16:10:56 EST
Accession Number: 0000950170-24-020158

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity We have implemented and maintain a cybersecurity risk management program that includes processes for the identification, assessment, and mitigation of cybersecurity risks. We conduct annual cybersecurity training for all of our employees and periodically engage third-party consultants to conduct penetrating testing and vulnerability assessments. Additionally, we use automated tools designed to monitor, identify, and address cybersecurity risks. Further, we have a process to evaluate and review the cybersecurity practices of our key vendors prior to onboarding, including through a general security assessment and contractual requirements, as appropriate. We face a number of cybersecurity risks in connection with our business. Although such risks have not materially affected us, including our business strategy, results of operations or financial condition, to date, we have, from time to time, experienced threats to and breaches of our data and systems, including malware and computer virus attacks. For more information about the cybersecurity risks we face, see the risk factor entitled Our internal computer systems, or those used by our third-party research institution collaborators, CROs or other contractors or consultants, may fail or suffer security breaches in Item 1A- Risk Factors. Governance Related To Cybersecurity Risks Our cybersecurity process is overseen by our Information Technology department, which is managed by our Head of IT. The Head of IT role is currently held by an individual who has approximately two decades of professional IT management experience. In addition, our Security Leadership Team (SLT), which is comprised of the Head of IT as well as leaders from our operations, finance, and legal departments, is responsible for documenting, reviewing, and assessing our cybersecurity processes, monitoring for cybersecurity incidents, and periodically reporting on cybersecurity risks and risk management to a committee of our executive team (Executive Committee). The Executive Committee, which is led by our Chief Financial Officer, undertakes reviews of our cybersecurity program and assesses any security incident updates from the SLT on a quarterly basis. The Executive Committee meets with the Audit Committee of our Board of Directors on a quarterly basis to report on and discuss material updates to our cybersecurity program. The Audit Committee provides oversight of our cybersecurity program as part of its periodic review of enterprise risk management and provides regular reports to our Board of Directors regarding our cybersecurity processes, including updates on the status of ongoing cybersecurity projects, the results of cybersecurity risk assessments, and the emerging cybersecurity threat landscape. Additionally, the Board of Directors reviews the enterprise risk management program on at least an annual basis.

Company Information