Voyager Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on July 16, 2024

Voyager Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:01:51 EST.


10-K filed on 2024-02-28

Voyager Therapeutics, Inc. filed a 10-K at 2024-02-28 16:01:51 EST
Accession Number: 0001558370-24-001988

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall risk management program/information technology function. These processes are designed to help protect our information assets and operations from internal and external cyber threats, protect employee, vendor, and collaborator information from unauthorized access or attack, and secure our networks and systems. They include physical, procedural and technical safeguards, response plans, regular tests on our systems, incident simulations, and routine review of our policies and procedures to identify risks and improve our cybersecurity risk management practices. We engage certain external parties, including consultants with expertise in information security, cybersecurity incident response, and governance, to enhance our cybersecurity oversight. We consider the internal risk oversight programs of third-party information technology service providers before engaging them in order to help protect us from any related vulnerabilities. Our Board of Directors does not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. Our Audit Committee provides direct oversight over cybersecurity risk, and provides updates to the Board of Directors regarding such oversight. The Audit Committee receives updates from management twice a year regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents. Our Vice President of Information Technology leads operational oversight of company-wide cybersecurity strategy, policy, standards, and processes, and works across the relevant departments to assess and help prepare us to address cybersecurity risks. Additionally, our Vice President of Information Technology participates in management’s semi-annual updates to the Audit Committee. In the event of a cybersecurity incident, our Vice President of Information Technology works with our information technology department and appropriate representatives of other affected departments to assess and respond to the incident, and to determine whether internal and external reporting of the incident is merited under the circumstances. Our Vice President of Information Technology has more than 15 years of experience managing cybersecurity, including service as the Chief Information Security Officer for a multi-national company in the specialty materials industry. He has experience with compliance programs for cybersecurity-related regulations and standards such as the European Union’s General Data Protection Regulation, The Payment Card Industry Data Security Standard (PCI-DSS), and the U.S. Food and Drug Administration’s regulations on electronic records and electronic signatures. He has also participated in Gartner cybersecurity programs and conferences and received training in the identification and prevention of cyber threats such as spam, phishing, spear-phishing, malware, and social engineering. In an effort to deter and detect cyber threats, we annually provide all of our personnel, including full-time and part-time employees and temporary staff, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs. We have implemented a proactive cybersecurity monitoring program that is designed to achieve threat detection and swift response, which includes the use of best-in-class tools to mitigate vulnerabilities and protect our information assets and operations. We also utilize a stringent endpoint security practice, geo-fencing and geo-blocking on firewalls, and automatic prioritization of emails to enable our information technology department to efficiently prioritize response to the most dangerous threats.

Company Information

NameVoyager Therapeutics, Inc.
SIC DescriptionBiological Products, (No Diagnostic Substances)
TickerVYGR - Nasdaq
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30