ROCKET PHARMACEUTICALS, INC. 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

ROCKET PHARMACEUTICALS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 16:05:52 EST.

Filings

10-K filed on 2024-02-27

ROCKET PHARMACEUTICALS, INC. filed an 10-K at 2024-02-27 16:05:52 EST
Accession Number: 0000950170-24-021096

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company maintains a cybersecurity risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The program is integrated within the Company s enterprise risk management framework and addresses both the corporate information technology environment and the external facing ecosystem. 65 The underlying controls of the cybersecurity risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework ( CSF ) and the International Organization for Standardization ( ISO ) 27001 Information Security Management System Requirements. The Company will have a third party perform an annual assessment of the Company s cybersecurity risk management program against the NIST CSF. The Company has a Cyber Security Operations Center monitoring our global cybersecurity environment and coordinates investigations and remediation of alerts. We are enhancing our programs for staging incident response drills to prepare support teams in the event of a significant incident. The cybersecurity risk management program includes controls for organizational processes, personnel, physical facilities and equipment, and technological controls. Our VP, Head of Information Technology is the Company s designated Chief Information Security Officer ( CISO ) and is responsible for developing and implementing the cybersecurity risk management program and reporting on cybersecurity matters to the Board. The VP, Head of Information Technology has over twenty years of experience leading cybersecurity oversight. Additionally, members of the IT security team have cybersecurity experience and\or certifications, such as the Certified Information Systems Security Professional certification and Certified Information Systems Audit certification. We view cybersecurity as a shared responsibility across our management team, and plan to periodically perform simulations and tabletop exercises at a management level and incorporate external resources and advisors as needed. All employees will be required to complete cybersecurity training at least once annually and have access to more frequent cybersecurity training through online and live events. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training that is documented in our quality management system. Employees outside of our corporate information security organization also have a role in our cybersecurity defenses and they are immersed in a corporate culture supportive of security, which we believe improves our cybersecurity. Our CISO is responsible for continuously monitoring and assessing the Company s cybersecurity risk management program, informing senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervising such efforts. The cybersecurity team collectively has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as information obtained from governmental, public, and private sources, including external consultants engaged by the Company on a real time basis. The Company is enhancing its processes for oversight of third-party vendors, including appropriate due diligence for new providers and continuous monitoring following implementation, including ongoing direct contact with vendor personnel. Third-party vendors are re-evaluated at regular intervals as part of our supplier qualification process. The Audit Committee, in addition to the Company s General Counsel and Chief Compliance Officer, oversees the Company s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee and General Counsel and Chief Compliance Officer on the effectiveness of the Company s cyber risk management program, generally on a quarterly basis. In addition, cybersecurity risks will be reviewed by the Board of Directors, at least annually, as part of the Company s corporate risk mapping exercise. We have not experienced any material cybersecurity incidents in the past, and we believe no cybersecurity events have occurred that have materially affected the Company or its business strategy, results of operations or financial condition. We continue to invest in the cybersecurity and resiliency of our infrastructure and the enhancement of our internal controls and processes, which are designed to help protect our systems and data, and the information they contain. For more information regarding the risks we face from cybersecurity threats, please see Risk Factors.

Company Information