Theravance Biopharma, Inc. 10-K Cybersecurity GRC - 2024-03-01

Page last updated on April 11, 2024

Theravance Biopharma, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-01 16:31:02 EST.

Filings

10-K filed on 2024-03-01

Theravance Biopharma, Inc. filed an 10-K at 2024-03-01 16:31:02 EST
Accession Number: 0001558370-24-002267

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the importance of maintaining the trust and confidence of our investors, patients, business partners, and employees. Our board of directors are actively involved in the oversight of our risk management program, and cybersecurity represents an important component of our overall approach to enterprise risk management ( ERM ). Our cybersecurity policies, standards, processes, and practices are fully integrated into our ERM program and are based on recognized frameworks established by the National Institute of Standards and Technology, the international organization for standardization. In general, we seek to address cybersecurity risks through a comprehensive cross-functional approach that is focused on preserving the confidentiality, security, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Our cybersecurity program includes the following key elements: Collaborative Approach We have implemented a comprehensive cross-functional approach to identifying, preventing, and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner. Technical Safeguards We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence. Incident Response and Recovery Planning We have established and maintain comprehensive incident response and recovery plans that address our response to a cybersecurity incident, and such plans are tested and evaluated on a regular basis. Third-Party Risk Management 51 Table of Contents We maintain a comprehensive risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers, and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. Education and Awareness We provide regular mandatory training for employees regarding cybersecurity threats as a means to equip our employees with effective tools and education to address cybersecurity threats and to communicate our evolving information security policies, standards, processes, and practices. Governance One of the key functions of our board of directors is informed oversight of our ERM, including risks from cybersecurity threats. Our board of directors receive regular presentations and reports on our cybersecurity risks, which have pertained to a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends, and information security considerations arising with respect to our peers and third parties. The board of directors also receive prompt and timely information regarding any cybersecurity incident that meets reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed and resolved. On an annual basis, the board of directors discuss our approach to cybersecurity risk management with management which includes our Chief Information Officer ( CIO ). Our CIO has overall operational responsibility for our cybersecurity risk management. To facilitate the success of our cybersecurity risk management program, we have an Infrastructure, Operations & Security Team ( IOS Team ) that is tasked with the responsibility to design, implement, and manage systems, processes, and policies to defend against cybersecurity threats and to respond to cybersecurity incidents. Working collaboratively across our Company, the IOS Team implements and maintains a program designed to protect our information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with our incident response and recovery plans.

Company Information