AMARIN CORP PLCUK 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

AMARIN CORP PLCUK reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 07:06:26 EST.

Filings

10-K filed on 2024-02-29

AMARIN CORP PLC\UK filed an 10-K at 2024-02-29 07:06:26 EST
Accession Number: 0000950170-24-022636

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the importance of safeguarding the security of our computer systems, software, networks, and other technology assets. Our security efforts are aimed at preserving the confidentiality, integrity, and continued availability of information under our ownership or care with the aim to continually improve security features in order to keep pace with the evolving cyber threat landscape. Overview of Cybersecurity Risk Management and Strategy Based on our business model, we rely on the outsourcing of certain key business functions, including laboratory work, clinical research, and the manufacturing and distribution of our product. We utilize the vetted processes and procedures of these partners and ensure proper cybersecurity and risk mitigation strategies are in place and functioning, which is accessed through our Vendor Risk Assessment process prior to engaging with our partners. Our cybersecurity risk identification, assessment and management response process is a critical part of our overall enterprise risk management, or ERM, program. Within our ERM framework, we adhere to our Global Information Technology Policy, or IT Policy, among a host of other policies and procedures aimed at providing guidelines and standards to ensure the security, integrity, reliability and recoverability of our systems and infrastructure. We employ and manage various third party partnerships to help protect us from cybersecurity threats. These organizations provide services such as penetration testing, security assessments, as well as twenty-four hours per day monitoring, alerting and response, including incident responses, all of which adhere to our overall ERM framework. Our partners evaluate and rank our cybersecurity maturity and coverage as part of their services and keep us informed of emerging global threats. Our digital infrastructure undergoes both internal and external audits as part of our Sarbanes-Oxley audit process and is designed to address the requirements of applicable information security standards and an evolving cyber landscape. Board Oversight of Risks from Cybersecurity Threats Our Board of Directors has delegated to the Audit Committee oversight of risks from cybersecurity threats. The management team provides quarterly reports to the Audit Committee which cover cybersecurity and other information technology-related risks, based on our ERM framework. These quarterly updates keep the Audit Committee apprised of our ongoing cybersecurity enhancements and any emerging global threats. The Audit Committee keeps the remaining Board of Directors apprised of material risks from cybersecurity threats. Management s Role in Assessing and Managing Material Risks from Cybersecurity Threats Our Information Technology and Security team is responsible for the management, maintenance, monitoring and response of our critical internal digital assets. This team is led by our Senior Director of Global Information Technology and Security, who has 25 58 years of cyber and Enterprise IT management experience. This position monitors current cyber risk trends, engages with 3rd party cyber security experts, and meets with the Infrastructure and Security team regularly to stay apprised of internal cyber risks. Our internal cybersecurity testing and reporting processes allow us to rank our overall risk on a periodic basis to ensure we identify and respond to internal risk trends. We follow escalation procedures to ensure communication of cyber-related events. The Board and management have made cybersecurity education and training a part of our overall corporate objectives, setting the tone for the organization about the importance of cybersecurity. As of the date of this report, cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected or are not reasonably likely to affect the Company, including our business strategy, results of operations or financial condition. For information regarding cybersecurity risks, see our discussion above in Item 1A. Risk Factors - Risks Related to Our Business - Our internal computer systems, or those of our third party clinical research organizations or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our commercial, research and development and other programs .

Company Information