iSpecimen Inc. 10-K Cybersecurity GRC - 2024-03-13

Page last updated on July 2, 2024

iSpecimen Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 17:27:05 EDT.


10-K filed on 2024-03-13

iSpecimen Inc. filed an 10-K at 2024-03-13 17:27:05 EDT
Accession Number: 0001558370-24-003129

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy iSpecimen maintains an Information Security Management Program (“ISMP”) with a primary goal to reduce risks to iSpecimen by protecting and supporting the confidentiality, availability, and integrity of information assets including personally identifiable information. Our cross-functional Risk Management Committee, with direction and support from our Board including the Audit Committee, works to identify, assess, and manage material risks including those from cybersecurity threats. iSpecimen invests in administrative, technical, and physical safeguards, including support from external solution providers and auditors, to maintain information security protections of our data and to safeguard customers, suppliers, employees, and business partners. Cybersecurity Governance The Risk Management Committee meets on a quarterly basis to review the currently identified risks to the business and how they are being managed, identify and assess any new material risks, and recommend any changes to our risk management positions. The Risk Management Committee includes the Chief Executive Officer, the Chief Information Officer (“CIO”), and other members of our senior leadership team. The risks considered include those associated with the use of third-party service providers. As of the date of this filing, iSpecimen is not aware of any cybersecurity threats, including those from previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. For an expanded view of the risks regarding a cybersecurity incident, please see “If our security measures are breached, or if our services are subject to attacks that degrade or deny the ability of users to access our platforms, our platforms and applications may be perceived as not being secure, customers and suppliers may curtail or stop using our services, and we may incur significant legal and financial exposure” under the “Risk Factors” section of this Annual Report. Our CIO, who also holds the role of Chief Information Security Officer (“CISO”) for iSpecimen, reports annually and as needed to the Board on our ISMP. This reporting includes information on the current external cybersecurity risk landscape, specific threat categories driving this risk, how iSpecimen is working to manage these risks, relevant metrics, and details on annual improvements to the program. The CISO has served in various roles in information technology and information security over the last three decades including serving as CISO for several organizations.

Company Information

NameiSpecimen Inc.
SIC DescriptionServices-Commercial Physical & Biological Research
TickerISPC - Nasdaq
Emerging growth company
Fiscal Year EndDecember 30