89bio, Inc. 10-K Cybersecurity GRC - 2024-03-01

Page last updated on April 11, 2024

89bio, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-01 17:03:14 EST.

Filings

10-K filed on 2024-03-01

89bio, Inc. filed an 10-K at 2024-03-01 17:03:14 EST
Accession Number: 0000950170-24-024008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity . Risk Management and Strategy We have implemented procedures for assessing, identifying and managing significant risks from cybersecurity threats and have incorporated these procedures into our overall risk management systems and processes. We regularly evaluate significant risks from cybersecurity attacks, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information stored there. The program to manage cybersecurity risks has tools and activities designed to identify, examine and manage current and potential cybersecurity threats, as well as plans and strategies designed to deal with threats and incidents. We regularly evaluate the cybersecurity risks that could affect our information systems, as well as on an ad hoc basis when there is a significant change in how we do business that may expose our information systems to more such risks. These evaluations include identifying the possible internal and external risks, how likely and harmful they are, and whether our current policies, procedures, systems, and safeguards are adequate to handle them. We use these risk assessments to design, implement, and maintain appropriate safeguards that are intended to mitigate identified risks, address any shortcomings in our existing safeguards, and regularly check how well our safeguards work. Our information technology ( IT ) department is primarily responsible for evaluating, overseeing, and handling our cybersecurity risks to manage the process of risk assessment and mitigation. We have established a cross-functional IT Security Steering Committee that oversees the management of our cybersecurity risks and execution of any mitigation efforts. Our IT department and Company management work together to check and improve our safeguards as part of our overall risk management system. We also periodically provide training to our employees on these safeguards and keep them informed of our cybersecurity policies through regular communications across the Company. We work with consultants or other third parties as part of our risk assessment processes, when appropriate. They help us create and execute our cybersecurity policies and procedures and check and test our safeguards. We ask key third-party service providers to confirm that it can apply and keep appropriate cybersecurity measures in line with all relevant laws, to apply and keep reasonable cybersecurity measures when they work with us, and to promptly report any possible breach of their cybersecurity measures that could impact our company. We have not identified risks from known cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected us, including our business strategy, results of operations or financial condition, but we face certain ongoing cybersecurity risks threats that, if realized, are reasonably likely to materially affect us. For additional information regarding these risks, please refer to Item 1A, Risk Factors, We depend on our information technology systems and those of our third-party collaborators, service providers, contractors or consultants. Our internal computer systems, or those of our third-party collaborators, service providers, contractors or consultants, may fail or suffer security breaches, disruptions, or incidents, which could result in a material disruption of our development programs or loss of data or compromise the privacy, security, integrity or confidentiality of sensitive information related to our business and have a material adverse effect on our reputation, business, financial condition or results of operations in this Annual Report on Form 10-K. Governance Our board of directors oversees our overall risk management process and significant risks facing us, including cybersecurity risks. The audit committee, which is comprised solely of independent directors, has been designated by our board of directors to oversee cybersecurity risks. Our board of directors oversees and evaluates strategic risk exposure, while our executive officers manage the significant risks we encounter on a daily basis. The audit committee receives periodic briefings from our Chief Financial Officer, the Chair of the IT Security Steering Committee, regarding our cybersecurity risks and activities, including any recent cybersecurity incidents 58 and related responses, cybersecurity systems testing, and activities of third parties. Our audit committee provides periodic updates to the board of directors on such reports. The IT Security Steering Committee, which is in charge of our cybersecurity policies and procedures, including the ones discussed in Risk Management and Strategy above, is led by our Chief Financial Officer, who has eight years of senior leadership experience at public biotechnology companies, including five years with 89bio. The IT Security Steering committee also includes our Director of IT, who is an experienced Information Technology professional and has over 20 years of experience managing information technology, of which 10 years pertain to cybersecurity related experience.

Company Information