Shattuck Labs, Inc. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on July 16, 2024

Shattuck Labs, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:23:29 EST.


10-K filed on 2024-02-29

Shattuck Labs, Inc. filed a 10-K at 2024-02-29 16:23:29 EST
Accession Number: 0001680367-24-000014

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity In the ordinary course of our business, we collect, use, store, and transmit digitally large amounts of confidential, sensitive, proprietary, personal, and health-related information. The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by dedicated information technology resources, including both company and consultant personnel, and led by our Chief Business Officer. The processes include mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. For example, we conduct penetration and vulnerability testing, data recovery testing, security audits, and ongoing risk assessments of our IT environment. 52 We also conduct technology due diligence on and audits of our key vendors, CROs, and other contractors and suppliers supporting our clinical trials. We also conduct regular employee trainings on cyber and information security. In addition, we consult with experienced outside advisors and experts on a regular basis to assist with assessing, identifying, and managing cybersecurity risks. Our Chief Business Officer, who reports directly to the Chief Executive Officer, together with certain members of our senior leadership team, are responsible for assessing and managing cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework evaluated at least quarterly. In the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, but we face certain ongoing cybersecurity risks threats that, if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors,” under the heading “Our information technology systems, or those used by our CROs or other contractors or consultants, may fail or suffer security breaches, which could materially and adversely affect our business.” The Board of Directors, as whole and at the committee level, has oversight for the most significant risks facing us and on our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, reviews cybersecurity risks. The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our Chief Business Officer .

Company Information

NameShattuck Labs, Inc.
SIC DescriptionPharmaceutical Preparations
TickerSTTK - Nasdaq
CategoryNon-accelerated filer
Smaller reporting company
Emerging growth company
Fiscal Year EndDecember 30