IO Biotech, Inc. 10-K Cybersecurity GRC - 2024-03-05

Page last updated on July 16, 2024

IO Biotech, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 17:17:17 EST.


10-K filed on 2024-03-05

IO Biotech, Inc. filed a 10-K at 2024-03-05 17:17:17 EST
Accession Number: 0000950170-24-026275

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management, Strategy and Governance Risk Management and Strategy We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities, and test those systems pursuant to our information and cybersecurity policies, processes, and practices. We maintain a Cybersecurity Incident Response Plan that establishes an incident response team led by our Head of Information Technology and describes our response protocol for cybersecurity incidents. To help protect our information systems from cybersecurity threats, we use various security tools that are designed to help identify, escalate, investigate, resolve, and recover from security incidents in a timely manner. Assessment of cybersecurity threats is included as part of our overall risk management processes. We have engaged consultants and other third parties to assist in our assessment of risks from cybersecurity threats and to evaluate our cybersecurity prevention and response systems and processes. At times, we may engage third parties to assist in the management and mitigation of a particular threat. We are requiring each of our significant third-party service providers to agree that it will implement and maintain appropriate security measures that are consistent with applicable law, implement and maintain reasonable security measures in connection with their work with us, and promptly report any suspected breach of its security measures that may affect our company. Governance Our board of directors, as a whole and through the Audit Committee, is responsible for the oversight of risk management, including oversight of risks from cybersecurity threats, and discusses with management our major risk exposures, including from cybersecurity threats, their potential impact on us, and the steps we take to manage them. Our Head of Information Technology, reporting to our Chief Financial Officer, has day-to-day responsibility for preventing, detecting, mitigating and remediating cybersecurity risks. The individual currently serving in this role has over twenty years of experience in information technology and cybersecurity. Our Head of Information Technology leads an incident response team that includes members of executive management, including members of our legal team, and is charged with assessing and managing material cybersecurity risks, and with notifying our executive management committee and disclosure committee of potential material cybersecurity incidents. Executive management provides updates on our cybersecurity risk profile to our Audit Committee on at least a quarterly basis. Cybersecurity Threats As of the date of this report, we have not identified cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected us, including our business strategy, results of operations or financial condition. We and our third-party service providers have, however, been the target of cybersecurity threats and we expect these threats to continue. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K. Item 1D. Section 16 Officers and Directors Rule 10b5-1 Plan. None.

Company Information

NameIO Biotech, Inc.
SIC DescriptionPharmaceutical Preparations
TickerIOBT - Nasdaq
Emerging growth company
Fiscal Year EndDecember 30