Schrodinger, Inc. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

Schrodinger, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:11:33 EST.

Filings

10-K filed on 2024-02-28

Schrodinger, Inc. filed an 10-K at 2024-02-28 16:11:33 EST
Accession Number: 0001490978-24-000018

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards, response plans, regular tests on our systems, incident simulations and routine review of our policies and procedures to identify risks and refine our practices. We engage certain external parties, including consultants, computer security firms and risk management advisors, peer companies, industry groups and governance experts, to enhance our cybersecurity oversight. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect our company from any related vulnerabilities. As part of our overall risk mitigation strategy, we also maintain cybersecurity insurance coverage; however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyber-attacks and other related breaches. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect our company or our business strategy, results of operations or financial condition. The audit committee of our board of directors provides direct oversight over cybersecurity risk and provides regular updates to the board of directors regarding such oversight. The audit committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents. Our vice president of information security leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare our company and our employees to address cybersecurity risks, including phishing attacks, ransomware, data breaches, and insider threats. Our vice president of information security has over 15 years of information security experience, including in developing, overseeing and managing information technology and information security teams. He has been with our company since 2017 and has served as our vice president of information security since April 2023. He previously served as our executive director of information security from January 2022 through April 2023, senior director of information security from February 2019 through January 2022 and director of information security from June 2017 through February 2019. Prior to joining our company, our vice president of information security worked at several technology companies and served in roles of increasing responsibility with respect to information security during his tenure. In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a cybersecurity awareness program, which covers timely and relevant topics, including social engineering and phishing, and educates employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks throughout our information security systems. These tools are integrated into our comprehensive security framework, used to bolster our employee-based cybersecurity programs and are regularly updated to respond to evolving threats.

Company Information