Kiniksa Pharmaceuticals, Ltd. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

Kiniksa Pharmaceuticals, Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:16:09 EST.

Filings

10-K filed on 2024-02-28

Kiniksa Pharmaceuticals, Ltd. filed an 10-K at 2024-02-28 16:16:09 EST
Accession Number: 0001558370-24-002005

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have implemented processes to identify and assess the cybersecurity threats that could affect our business and information systems and we use various tools and methodologies to test our cybersecurity defenses on a regular basis. As part of this process, we perform regular vulnerability scans and penetration tests and engage third party experts to perform evaluations of our strengths and vulnerabilities. In addition, we perform an annual enterprise risk assessment procedure that evaluates business continuity risks, including an evaluation of cybersecurity risks. The results of these evaluations, along with recommendations for improvements and remediations to our cybersecurity program, if deemed necessary, are periodically reported to senior management and the audit committee of our board of directors, which is tasked with oversight of our cybersecurity program. Reports provided to our senior management and audit committee include updates on our cyber risks and threats, the status of projects to strengthen our information technology systems and assessments of our cybersecurity program. Our senior management and audit committee use the results from these evaluations and reports as part of their risk assessment and decision-making functions. We require that all employees, consultants and third party contractors adhere to our cybersecurity policies. Key third party contractors undergo a qualification process under our quality management programs (including cGMP and GCP) wherein we assess, among other things, their cybersecurity risk profile. Third party contractors, such as CROs and information technology service providers, that handle sensitive data, including patient data, are subjected to increased scrutiny. Based on identified risks, we may periodically review and reassess our third party contractors on an ongoing basis. Our cybersecurity program is overseen by our head of information technology, who has significant experience in the information technology space. Our information technology team is responsible for leading our cybersecurity strategy, policy, standards, architecture and processes. Such team is responsible for the identification and reporting of risks to our management and board, as described above. Our information technology team maintains a security operations center intended to identify anomalous activity. Further, our policies require all employees to notify our compliance, legal or information technology functions in the event of a cybersecurity incident. We have not experienced a material data breach or failure of our cybersecurity program. Our business depends on the availability, reliability and security of our and our third party contractors information systems, networks and data. Various risks arising out of a cyberattack, security breach or a failure on our or our third party contractors part to maintain an adequate cybersecurity program could adversely affect our business, financial condition, and results of 112 Table of Contents operations. See Risk Factors General Risk Factors Our information technology systems, or those of our third party CDMOs, CROs, specialty pharmacies, third party logistics providers and other contractors, consultants and service providers, may fail or suffer cyberattacks or security breaches, which could result in a material disruption of our or such third party s business or operations, impede our development programs for our product candidates or materially impact our ability to commercialize our products.

Company Information