Prime Medicine, Inc. 10-K Cybersecurity GRC - 2024-03-01

Page last updated on April 11, 2024

Prime Medicine, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-01 08:04:30 EST.

Filings

10-K filed on 2024-03-01

Prime Medicine, Inc. filed an 10-K at 2024-03-01 08:04:30 EST
Accession Number: 0001628280-24-008116

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees and violation of data privacy or security laws. 122 Oversight and Governance Our cybersecurity risk management program is a significant part of our overall risk management program, which has been delegated by our Board of Directors to the Audit Committee of the Board of Directors ( Audit Committee ). As provided in the Audit Committee Charter, the Audit Committee is responsible for reviewing, assessing, and considering, in consultation with management and the Board, as appropriate, the overall risk management policies and procedures of the Company, including our major risk exposures such as cybersecurity. Members of our senior management, including our Chief Executive Officer, Chief Financial Officer, and leaders from our legal and information technology functions, maintain responsibility for assessing and managing cybersecurity threats. This team has deep expertise in building and leading information systems and cybersecurity teams across a variety of institutions. Risk Management and Strategy Teams of internal and third-party cybersecurity professionals oversee cybersecurity risk management, which is based on the National Institute for Standards and Technology Cybersecurity Framework: Identify Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. Protect Develop and implement appropriate safeguards to ensure delivery of critical services. Detect Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. Respond Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. Recover Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes that is centered on three key components: Identification of risks: We obtain input, as appropriate, for our cybersecurity risk management program on the security industry and threat trends from multiple external experts and internal threat intelligence teams. Assessment of threats: We assess organization vulnerabilities and the likelihood that the risk scenarios could occur, including risk assessments of our existing systems, penetration testing, and other vulnerability analyses. This assessment also extends to critical third parties, such as contract research organizations, prior to being approved to work with the company, and includes reviews of Service Organization Control Type 2 reports. Execute: Internal and third-party experts coordinate implementation of necessary security controls to prevent or reduce the risk of security vulnerabilities from being exposed. We also maintain an ongoing end-user cybersecurity awareness program that is designed to raise awareness of cybersecurity threats to reduce our vulnerability as well as to encourage consideration of cybersecurity risks across functions, including quarterly training and simulated phishing campaigns. The Audit Committee and Board of Directors receive routine updates from senior management, including leaders from our information technology and legal functions regarding matters of cybersecurity. These updates include existing and new cybersecurity risks, status on how management is addressing and mitigating those risks, cybersecurity and data privacy incidents, if any, and status on key information security initiatives.

Company Information