Mind Medicine (MindMed) Inc. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

Mind Medicine (MindMed) Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 07:20:33 EST.

Filings

10-K filed on 2024-02-28

Mind Medicine (MindMed) Inc. filed an 10-K at 2024-02-28 07:20:33 EST
Accession Number: 0000950170-24-021656

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity In the ordinary course of our business, we may collect, store, use, transmit, disclose, or otherwise process proprietary, confidential, and sensitive information, including personal information (such as health-related information), data related to clinical trials, intellectual property, and trade secrets. We depend on both our own systems, networks, and technology as well as the systems, networks and technology of our collaborative partners, third-party service providers and other business partners to safeguard our data. Cybersecurity Program Given the importance of cybersecurity to our business, we maintain a comprehensive cybersecurity program to support both the effectiveness of our systems and our preparedness for information security risks. Process for Assessing, Identifying and Managing Material Risks from Cybersecurity Threats We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. We use various tools and methodologies to manage cybersecurity risk that are tested on a regular cadence. In the event of a cybersecurity incident, we maintain a regularly tested incident response program. Pursuant to the program and its escalation protocols, designated personnel are responsible for assessing the severity of an incident and associated threat, containing the threat, remediating the threat, including recovery of data and access to systems, analyzing any reporting obligations associated with the incident, and performing post-incident analysis and program enhancements. We also monitor and evaluate our cybersecurity posture and performance on an ongoing basis through regular vulnerability scans, penetration tests and threat intelligence feeds. Our information security program is tactically and strategically supplemented via partnerships and engagements with key consultants, vendors, and service providers. We also actively engage with key vendors as part of our continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures. We use a number of means to assess cyber risks related to our third-party service providers, including vendor questionnaires, vendor audits, vendor qualification, and conducting due diligence in connection with onboarding new vendors and regular vendor reviews. We require third-party service providers with access to personal, confidential or proprietary information to implement and maintain comprehensive cybersecurity practices consistent with applicable legal standards and industry best practices. Governance Management Oversight Our information security program is managed by designated information technology personnel and members of our management team, who are responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by our Information Technology team, consisting of a Director of Information Technology and external consultants. Our Information Technology team leverages over 20 years of experience in pharmaceutical and biotechnology information technology, security, and management. Our Information Technology team is responsible for the day-to-day management of the cybersecurity program, including the prevention, detection, investigation, response to, and recovery from cybersecurity threats and incidents, and are regularly engaged to help ensure the cybersecurity program functions effectively in the face of evolving cybersecurity threats. Our Information Technology team provides periodic reports to our senior management as appropriate. Board Oversight Our Board has delegated overall responsibility for risk oversight, including cybersecurity risk matters, to our Audit Committee. Our senior management provides periodic reports to our Audit Committee and our Board. These reports include updates on our cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. In addition, our information security program is regularly evaluated by external experts with the results of those reviews reported to senior management and our Board. 89 Cybersecurity Risks While we maintain a robust cybersecurity program, the techniques used to infiltrate information technology systems continue to evolve. Accordingly, we may not be able to timely detect threats or anticipate and implement adequate security measures. For additional information, see Item 1A Risk Factors If our information technology systems or data, or those of third parties upon which we rely, are of were compromised, we could experience adverse consequences resulting from such compromise, including regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; and other adverse consequences. In the last three years, we did not experience any material cybersecurity incidents or threats.

Company Information