MARINUS PHARMACEUTICALS, INC. 10-K Cybersecurity GRC - 2024-03-05

Page last updated on April 11, 2024

MARINUS PHARMACEUTICALS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 16:14:45 EST.

Filings

10-K filed on 2024-03-05

MARINUS PHARMACEUTICALS, INC. filed an 10-K at 2024-03-05 16:14:45 EST
Accession Number: 0001558370-24-002479

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We are increasingly dependent on sophisticated software applications and computing infrastructure to conduct key operations. We depend on both our own systems, networks, and technology as well as the systems, networks and technology of our contractors, consultants, vendors and other business partners. Cybersecurity Program Given the importance of cybersecurity to our business, we maintain a robust cybersecurity program to support both the effectiveness of our systems and our preparedness for information security risks. This program includes several safeguards, such as password protection; multi-factor authentication; continuous monitoring and alerting systems for internal and external threats; regular evaluations of our cybersecurity program, including periodic audits and incident response simulations; and industry benchmarking. We also require cybersecurity trainings when onboarding new employees and contractors, as well as annual cybersecurity awareness training for our employees and contractors. Our 97 Table of Contents program leverages industry frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) to strengthen our program effectiveness and reduce cybersecurity risks. We use a risk-based approach with respect to our use and oversight of third-party service providers. We use a number of means to assess cyber risks related to our third-party service providers, including providing our code of conduct to our vendors and conducting due diligence in connection with onboarding new vendors. Process for Assessing, Identifying and Managing Material Risks from Cybersecurity Threats In the event of a cybersecurity incident, we maintain a cybersecurity incident response program. Pursuant to the program and its procedures, a Security Incident Response team (SIRT), which is a team lead by the Head of IT and comprised of cross-functional personnel, is responsible for handling potential cybersecurity incidents. We also maintain business continuity and disaster recovery plans in the event of a significant cybersecurity incident. We have relationships with a number of third-party service providers to assist with cybersecurity event and incident identification, response, containment and remediation efforts. Governance Management Oversight The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by our Chief Financial and Operating Officer. Our Head of IT is responsible for the day-to-day management of the cybersecurity program and provides regular briefings for our senior management team on cybersecurity matters, including threats, events, and program enhancements. Board Oversight While the Board of Directors has overall responsibility for risk oversight, our Audit Committee oversees cybersecurity risk matters and reports up to the full Board of Directors. The Audit Committee is responsible for reviewing, discussing with management, and overseeing the Company s data privacy, information technology and security and cybersecurity risk exposures. The Head of IT updates the Chief Financial and Operating Officer who apprises the Audit Committee and Board of Directors of cybersecurity incidents consistent with our cybersecurity incident response plan promptly for any cybersecurity incidents, if applicable. Cybersecurity Risks Our cybersecurity risk management processes are integrated into our overall Enterprise Risk Management (ERM) process. As part of our ERM process, cross-functional leaders identify, assess and evaluate risks impacting our operations across the Company, including those risks related to cybersecurity. We also maintain specific coverage to mitigate losses associated with certain cybersecurity incidents. To date, we have not experienced any material cybersecurity incidents or threats. While we maintain a robust cybersecurity program, the techniques used to infiltrate information technology systems continue to evolve. Accordingly, we may not be able to timely detect threats or anticipate and implement adequate security measures. For additional information, see Item 1A Risk Factors.

Company Information