IOVANCE BIOTHERAPEUTICS, INC. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

IOVANCE BIOTHERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 17:15:45 EST.

Filings

10-K filed on 2024-02-28

IOVANCE BIOTHERAPEUTICS, INC. filed an 10-K at 2024-02-28 17:15:45 EST
Accession Number: 0001558370-24-002036

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We operate in the biopharmaceutical sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and the results of operations, including intellectual property theft, fraud, extortion, harm to employees, third party vendors or customers, violation of privacy laws and other litigation and legal risk, and reputational risk. Risk Management and Strategy We have processes in place for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our overall risk management processes. These processes include identifying and assessing risks from cybersecurity threats associated with the use of third-party service providers, if any. The response to any cybersecurity incident detected or reported is led by our Computer Security Incident Response Team, or the CSIRT, to assess the nature and magnitude of event and classify severity in accordance with our internal policies and procedures. Depending on the severity of the incident, appropriate level of management members, including our Chief Executive Officer, Chief Financial Officer, external legal counsel, and certain members of the finance and investor relations organizations, will be notified and take appropriate actions. In addition, the Information Technology, or IT, team provides periodic reports to the Chief Executive Officer and other members of our senior management, as appropriate, and provides periodic reports to the Audit Committee of the Board of Directors as needed. These reports include updates on our cyber risks and threats as well as the status of previously identified and/or reported cybersecurity incidents, if any. We also actively engage with key vendors, 83 Table of Contents industry participants and intelligence and law enforcement communities as part of continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures. We use various tools and methodologies to assess, identify, and manage material risks from cybersecurity threats that are tested on a regular cadence. We also monitor and evaluate our cybersecurity posture and performance on an ongoing basis through regular vulnerability scans, penetration tests and use of threat intelligence feeds. The results of these activities and any key actions are reported at least once per quarter and more frequently as needed to the Audit Committee of the Board of Directors, our Chief Executive Officer, and key members of senior management. Our employees are also required to certify their understanding and completion of training for our cybersecurity policies. As of the date of this report, we are not aware of any material risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected our business strategy, results of operations, or financial condition. However, as discussed under Risk Factors in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple risks to us, including potentially to our results of operations and financial condition. Refer to Item 1A Our internal computer systems, or those used by our contract research organizations or other contractors or consultants, may fail or suffer security breaches and We are dependent on information technology, systems, infrastructure and data , which are incorporated by reference into this Item 1C. As cybersecurity threats become more sophisticated and coordinated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures as we pursue our business strategies. Governance: Board of Directors The Audit Committee operates under a written charter adopted by the Company s Board of Directors. The Audit Committee oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee is also responsible for the adequacy and effectiveness of the Company s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats. For further information about the Audit Committee s role in assessing and managing the registrant s material risks from cybersecurity threats, see Risk Management and Strategy, under this Item 1C. Management Our team of cybersecurity professionals is led by our Vice President, Infrastructure and Security, who along with other members of the IT team collectively over extensive experience in the cybersecurity space in both the pharmaceutical and non-pharmaceutical sectors, many of whom have obtained professional security certifications. The IT team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. For further information about Management s role in assessing and managing the registrant s material risks from cybersecurity threats, see Risk Management and Strategy, under this Item 1C.
Item 1C. As cybersecurity threats become more sophisticated and coordinated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures as we pursue our business strategies. Governance: Board of Directors The Audit Committee operates under a written charter adopted by the Company s Board of Directors. The Audit Committee oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee is also responsible for the adequacy and effectiveness of the Company s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats. For further information about the Audit Committee s role in assessing and managing the registrant s material risks from cybersecurity threats, see Risk Management and Strategy, under this Item 1C. Management Our team of cybersecurity professionals is led by our Vice President, Infrastructure and Security, who along with other members of the IT team collectively over extensive experience in the cybersecurity space in both the pharmaceutical and non-pharmaceutical sectors, many of whom have obtained professional security certifications. The IT team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. For further information about Management s role in assessing and managing the registrant s material risks from cybersecurity threats, see Risk Management and Strategy, under this Item 1C.
Item 1C. Management Our team of cybersecurity professionals is led by our Vice President, Infrastructure and Security, who along with other members of the IT team collectively over extensive experience in the cybersecurity space in both the pharmaceutical and non-pharmaceutical sectors, many of whom have obtained professional security certifications. The IT team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. For further information about Management s role in assessing and managing the registrant s material risks from cybersecurity threats, see Risk Management and Strategy, under this Item 1C.
Item 1C.

Company Information