PepGen Inc. 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

PepGen Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 16:23:31 EST.

Filings

10-K filed on 2024-03-06

PepGen Inc. filed an 10-K at 2024-03-06 16:23:31 EST
Accession Number: 0000950170-24-027178

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cyber Risk Management and Strategy We have processes for assessing, identifying, and managing cybersecurity risks, which are built into our information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, protect employee and clinical trial information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural, and technical safeguards, and routine review of our policies and procedures in an effort to identify risks and refine our practices. We engage certain external parties, including a contracted information technology consultant who is dedicated to our organization, to enhance our cybersecurity oversight. In an effort to deter and detect cyber threats, we perform annual phishing tests with employees. We also require annual cybersecurity and prevention training for employees, which may cover topics such as social engineering, phishing, password protection, confidential data protection, and mobile security, and is designed to educate employees on incident reporting. We also use technology-based tools, including third-party tools and solutions, designed to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents relating to our and our third-party vendors information systems. For more information, see Risk Factors-Risks Related to Employee Matters, Managing Growth and Other Operational Matters -Our internal information technology systems, or those of our vendors, collaborators or other contractors or consultants, may fail or suffer security breaches, loss or leakage of data and other disruptions or compromise, which could result in a material disruption of our product development programs, compromise sensitive information related to our business or prevent us from accessing critical information, or trigger contractual and legal obligations, potentially exposing us to liability, reputational harm or otherwise adversely affecting our business and financial results. Governance Related to Cybersecurity Risks Our audit committee of the board of directors, or the Audit Committee, is responsible for overseeing cybersecurity risk, pursuant to the Audit Committee charter, and periodically updates our board of directors on such matters. The Audit Committee receives periodic updates from management and our contracted information technology consultant regarding cybersecurity matters. We have a process for the Audit Committee to be notified between such updates in the event of any significant new cybersecurity threats or incidents. Management is responsible for, and is forming a committee tasked with, the operational oversight of company-wide cybersecurity strategy, policy, and standards across relevant departments to assess and help prepare us to address cybersecurity risks. Our contracted information technology consultant, supported by management, oversees the day-to-day implementation and 107 management of our cybersecurity program. Our information technology consultant reports to the Senior Vice President, or SVP, of Chemistry and Manufacturing, who currently operates as our head of information technology. Our information technology consultant has approximately 20 years of experience in information technology, and also leverages the experience of a third-party managed systems provider. Our information technology consultant regularly reports to the SVP of Chemistry and Manufacturing as well as to other executive management on cyber matters, as appropriate.

Company Information