Zymeworks Inc. 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

Zymeworks Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 16:30:14 EST.

Filings

10-K filed on 2024-03-06

Zymeworks Inc. filed a 10-K at 2024-03-06 16:30:14 EST
Accession Number: 0001937653-24-000019


Item 1C. Cybersecurity.

Our board of directors is responsible for overseeing our risk management program, and cybersecurity is a critical element that has been integrated into our overall risk management program. Management is responsible for the day-to-day administration of our risk management program and our cybersecurity policies, processes, and practices. We aim to incorporate industry practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage cybersecurity risks. Our cybersecurity program is informed by applicable industry standards and is assessed regularly by independent third-party auditors.

Cybersecurity Risk Management and Strategy

Our cybersecurity risk management strategy focuses on several areas:

Identification and Escalation: We have implemented a cross-functional approach to assessing, identifying and managing cybersecurity threats and incidents. Our program includes controls and procedures to identify, classify and escalate certain cybersecurity incidents to provide management visibility and obtain direction from management.

Technical Safeguards: We implement technical safeguards that are designed to protect our information systems from cybersecurity threats, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence, as well as outside audits and certifications.

Incident Response and Recovery Planning: We have established and maintain incident response, business continuity, and disaster recovery plans designed to address our response to a cybersecurity incident. We conduct periodic tabletop exercises to test these plans and ensure personnel are familiar with their roles in a response scenario.

Third-Party Risk Management: We maintain a risk-based approach to identifying and overseeing cybersecurity threats presented by third parties, including vendors, service providers, and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems, including any outside auditors or consultants who advise on our cybersecurity systems.

Education and Awareness: We provide regular, mandatory training for all employees regarding cybersecurity threats as a means to equip our employees with tools to make employees aware of and to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes, and practices.

We conduct periodic assessments and testing of our policies, standards, processes, and practices in a manner intended to address cybersecurity threats and events. We adjust our cybersecurity policies, standards, processes, and practices as necessary based on the information provided by these assessments, audits, and reviews.

We, like any company operating in the current environment, have experienced cybersecurity incidents in the past. However, we have not experienced a cybersecurity event that was determined to be material. For additional information regarding whether any risks from cybersecurity threats are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, see Item 1A, Risk Factors, of this Annual Report on Form 10-K, including the risk factor titled "Security breaches and incidents, loss of data and other disruptions could compromise sensitive information related to our business or protected health information or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation."

Governance

Our board of directors, in coordination with the audit committee of our board of directors, oversees our risk management program, including the management of cybersecurity threats. Our board of directors and our audit committee receive prompt and timely information regarding cybersecurity risks, as well as ongoing updates regarding any such risk, from senior management. Our Senior Director, IT, who has over 20 years' experience with cybersecurity at public companies, in coordination with senior management including our Chief Executive Officer, works collaboratively across our company to implement a program designed to protect our information systems from cybersecurity threats and to promptly respond to cybersecurity incidents in accordance with our incident response and recovery plans.

To facilitate the success of our cybersecurity program, a cross-functional team throughout our company addresses cybersecurity threats and responds to cybersecurity incidents. Through ongoing communications with this team, the Senior Director, IT and senior management are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the Audit Committee when appropriate.


Company Information

Name: Zymeworks Inc.
CIK: 0001937653
SIC Description: Pharmaceutical Preparations
Ticker: ZYME - Nasdaq
Category: Accelerated filer; Smaller reporting company
Fiscal Year End: December 30