LifeStance Health Group, Inc. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on July 16, 2024

LifeStance Health Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:23:00 EST.


10-K filed on 2024-02-28

LifeStance Health Group, Inc. filed a 10-K at 2024-02-28 16:23:00 EST
Accession Number: 0000950170-24-022131

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company has adopted processes designed to identify, assess and manage material risks from cybersecurity threats. Those processes include response to and an assessment of internal and external threats to the security, confidentiality, integrity and availability of company data and systems along with other material risks to company operations, at least annual or whenever there are material changes to the Company’s systems or operations. Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material breaches. As part of our risk management process, the Company engages outside providers to conduct periodic penetration testing and other cybersecurity audits. The Company stores company data in cloud environments with security appropriate to data involved and has adopted controls around, among other things, vendor risk assessment, information classification, access and acceptable use and backup and recovery. The Senior Vice President of IT Security (“SVP of IT Security”) has over 35 years of experience in the informational technology field, with 18 years of healthcare IT experience with an emphasis in IT security and computer forensics. The SVP of IT Security has operational responsibility for ensuring the adequacy and effectiveness of the company’s risk management, control and governance processes, who periodically reports to the Operational Risk Committee (“ORC”), responsible for applying the policy decisions and, in coordination with the Chief Digital Officer and Chief Executive Officer, reports to the Board at least annually or more regularly at the discretion of the ORC. The Company’s audit committee is briefed on cybersecurity risks at least once each calendar year and also receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds. The SVP of IT Security reports quarterly to the Company’s audit committee and such report addresses overall assessment of the Company’s compliance with this and other cybersecurity policies, including topics such as risk assessment, risk management and control decisions, service provider arrangements, test results, security incidents and responses, recommendations for changes and/or updates to policies and procedures.

Company Information

NameLifeStance Health Group, Inc.
SIC DescriptionServices-Health Services
TickerLFST - Nasdaq
CategoryLarge accelerated filer
Fiscal Year EndDecember 30