RAPID MICRO BIOSYSTEMS, INC. 10-K Cybersecurity GRC - 2024-03-01

Page last updated on April 11, 2024

RAPID MICRO BIOSYSTEMS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-01 16:38:47 EST.

Filings

10-K filed on 2024-03-01

RAPID MICRO BIOSYSTEMS, INC. filed an 10-K at 2024-03-01 16:38:47 EST
Accession Number: 0001380106-24-000073

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy In an effort to protect our business against cybersecurity threats, we have implemented a cybersecurity risk management program that is integrated with our internal risk management processes and designed to identify and protect against cyber threats as well as to respond to and recover from cyber incidents, as applicable. Our cybersecurity risk management program is informed by industry standards, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and is supported by periodic internal and external information security assessments and testing. We have also established incident response policies and procedures, overseen by our Information Technology, or IT, Director, to review and classify cybersecurity incidents and to define roles and responsibilities for response and 50 Table of Contents remediation in the event of a cyber incident. We also have implemented a process to provide cybersecurity awareness training to employees during onboarding and on an annual basis thereafter. In addition, we collaborate with third-party advisory firms to periodically review and evaluate our security measures, which informs our ongoing strategy and execution of our cybersecurity program. We also leverage third-party providers to augment our internal security resources, including to support our ongoing monitoring and threat detection capabilities. We have a process to evaluate certain critical third-party providers before engagement as well as periodically thereafter, which may include a review of available audit reports, security documentation, operating controls, and industry reputation, as well as contractual requirements, as appropriate. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition; however, like other companies in our industry, we and our third-party vendors have from time to time experienced threats and security incidents that could affect our information or systems. For more information, please see our Risk Factors. Governance Related to Cybersecurity Risks Our board of directors considers cybersecurity risk as part of its risk oversight and has delegated the Audit Committee of the board of directors oversight of cybersecurity risks. The Audit Committee oversees management s implementation of the cybersecurity program. We have also established a process for escalation of major cyber incidents, if applicable, to be reported to the Executive Leadership Team and the Audit Committee. Additionally, we conduct periodic meetings to keep the Executive Leadership Team and Audit Committee apprised of our risk management and overall cyber strategy, as appropriate. Our IT Director leads day-to-day IT operations across all areas of the business and is responsible for advising on the strategic and operational processes related to our cyber risk management program. Our current IT Director has over 25 years of IT management experience, including over 15 years of experience in cybersecurity management in both public and private companies. In addition, we have assembled an IT Steering Committee, or ITSC, which is comprised of the Executive Leadership Team as well as IT management, to support management and to maintain visibility of the status and ongoing strategy of our cybersecurity program.

Company Information