Entrada Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

Entrada Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 07:24:30 EDT.

Filings

10-K filed on 2024-03-13

Entrada Therapeutics, Inc. filed an 10-K at 2024-03-13 07:24:30 EDT
Accession Number: 0001689375-24-000016

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy As part of our overall risk management process, we have established a cybersecurity risk management program for assessing, identifying, and managing risks from cybersecurity threats. Our cybersecurity risk management program is informed by recognized industry standards and frameworks and incorporates elements of the same, including elements of the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework and the Federal Information Processing Standards Publication ( FIPS ). Our cybersecurity risk management program includes a control framework and operations that utilizes tools and processes designed to prevent, detect, and analyze current and emerging cybersecurity threats, and we maintain plans and strategies to address any cybersecurity threats and incidents. These tools and processes include, but are not limited to, periodic cybersecurity risk assessments and vulnerability analyses, as well as monitoring for critical risks from cybersecurity threats using automated tools. Personnel at all levels and departments are made aware of our cybersecurity policies through participation in cybersecurity risk awareness trainings during onboarding and on an annual basis thereafter. 122 Table of Contents As necessary and appropriate, we engage consultants, or other third parties, in connection with our cybersecurity risk assessment processes. These service providers assist us in designing and implementing cybersecurity procedures, as well as in monitoring and testing the effectiveness of our cybersecurity safeguards. For example, we engage these vendors to conduct annual risk assessments, including internal and external penetration testing, to identify cybersecurity threats, as well as to perform cybersecurity risk assessments in the event of substantial changes to our business practices that may affect our information systems. These cybersecurity risk assessments are designed to include identification of reasonably foreseeable internal and external cybersecurity risks, analysis on the likelihood and potential damage that could result from such risks, and feedback on the sufficiency of our existing procedures, systems, and safeguards to mitigate such cybersecurity risks. As part of our cybersecurity risk management program, we maintain processes related to third-party vendor cybersecurity risk management. As appropriate, we contractually require certain third-parties to certify that they have the ability to implement and maintain appropriate cybersecurity measures, consistent with applicable laws, and to promptly report any suspected cybersecurity incidents that may affect our company or our data. We face a number of cybersecurity risks in connection with our business. Although risks from cybersecurity threats have to date not materially affected us, and we do not believe they are reasonably likely to materially affect us, our business strategy, results of operations or financial condition, we have, from time to time, experienced threats and security incidents relating to our and our third party vendors information systems. For more information, please refer to Item 1A, Risk Factors, in this annual report on Form 10-K. Governance One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors has delegated this cybersecurity risk management oversight function to our audit committee. Under the purview of our audit committee, our President and Chief Operating Officer, General Counsel, and Chief Financial Officer ( CFO ) collectively, the Risk Management Committee ) are primarily responsible for assessing, managing and mitigating our critical risks from cybersecurity threats. Our Head of Information Technology ( IT ), who reports directly to our CFO, has primary responsibility for the day-to-day management of our cybersecurity risk management program. The individual currently operating as our Head of IT possesses approximately 19 years of experience with information technology and cybersecurity risk management programs. Our Head of IT s responsibilities, with support from our internal IT team and external IT consultants, include assessing, monitoring, and managing our cybersecurity risks. Our Head of IT periodically reports to our CFO on matters relating to our overall cybersecurity risk management program and, in the event of a cybersecurity incident, reports directly to our entire Risk Management Committee. The CFO reports on the cybersecurity risk management program to the other members of our Risk Management Committee and, alongside our General Counsel, provides quarterly cybersecurity risk management briefings to the audit committee, including discussion of cybersecurity risks, that include any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and other matters relevant to our overall cybersecurity risk management. Our audit committee provides quarterly updates, as appropriate, on the cybersecurity risk management program, to our full board of directors.

Company Information