NewAmsterdam Pharma Co N.V. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

NewAmsterdam Pharma Co N.V. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 08:00:22 EST.

Filings

10-K filed on 2024-02-28

NewAmsterdam Pharma Co N.V. filed an 10-K at 2024-02-28 08:00:22 EST
Accession Number: 0000950170-24-021668

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity As part of our ongoing company-wide risk assessment, our management team has identified several key categories of cybersecurity risk to which we are exposed, including, (i) data security risks, (ii) malware and phishing attacks, (iii) insider and third-party risks, (iv) infrastructure and network risks and (v) regulatory and compliance risks. We identified the above risks based on an analysis of our business and a technical analysis by our information and communications technology ( ICT ) consultants of our most critical business activities and associated vulnerabilities. We review our systems against specified security metrics to ensure they are satisfactory, monitor our third-party vendors and partners, participate in threat intelligence sharing, have developed mechanisms designed to detect deviations in our systems, have implemented information technology protocols to control access to our systems and information, provide security awareness trainings, and proactively patch known vulnerabilities. We are working with third-party consultants to build our cybersecurity incident detection processes, including taking the steps described above, and are also working with our vendors and partners to ensure that we are made aware of any cybersecurity incident they experience that may impact our business promptly. In addition, we maintain policies and processes to assess and manage risks relating to third-party service providers, including based on the nature of the engagement with the third party and based on the information and information systems to which the third party will have access. We maintain policies to conduct due diligence before onboarding new service providers and maintain ongoing evaluations to ensure compliance with our security standards. Our management team, along with ICT consultants and other advisors, will conduct a risk assessment on at least an annual basis in order to ensure we are appropriately managing known cybersecurity risks and discovering any potentially new risks. To date, we have not identified any material impact on our business strategy, results of operations or financial condition resulting from the cybersecurity risks described above. However, there can be no assurances that the steps we take will be sufficient to avoid a cybersecurity incident and, if an incident were to occur, our business may be materially impacted as a result of any costs associated with remediating a cybersecurity incident or resolving litigation or regulatory enforcement actions as a result such incident, or potential delays to our clinical trials or release of data as a result of an incident impacting our internal systems or those of the CROs on whom we rely to conduct our clinical trials and gather data from such trials. Furthermore, the realization of any of the risks described above could seriously harm our reputation making it more difficult to recruit patients and CROs, conduct clinical trials, obtain regulatory approvals for our current or future product candidates or generate partnering opportunities. Our Audit Committee oversees the application of our ICT systems and all risks relating to cybersecurity. Cybersecurity is a standing agenda item at each of the Audit Committee s regularly scheduled meetings and the committee may engage any external advisor as needed to advise on cybersecurity matters. The Audit Committee periodically reports on such matters to the Board of Directors as part of our overall risk management and oversight framework. We have also established a management-level disclosure committee (the Disclosure Committee ). The Disclosure Committee is responsible for overseeing the preparation of our public disclosure materials and assessing the materiality of events within the Company. The Disclosure Committee is also responsible for conducting our cybersecurity risk assessment and ensures constituencies from across the Company are represented in such assessment. The Disclosure Committee monitors cybersecurity incidents and risk on an ongoing basis and may engage outside consultants as needed to assess and respond to cybersecurity incidents. The Disclosure Committee reports to the Audit Committee on a variety of matters, including cybersecurity risks. The Disclosure Committee consists of employees representing our legal, finance, regulatory and clinical departments. We have also engaged a third party to provide technical information technology experience to the Disclosure Committee, Audit Committee and Board of Directors.

Company Information