Century Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-14

Page last updated on April 11, 2024

Century Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-14 07:30:58 EDT.

Filings

10-K filed on 2024-03-14

Century Therapeutics, Inc. filed an 10-K at 2024-03-14 07:30:58 EDT
Accession Number: 0001558370-24-003165

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy At Century Therapeutics, we recognize the importance of information security practices designed to protect the confidentiality, integrity, and availability of Company information. We have implemented a cybersecurity program in accordance with our risk profile and business that is informed by recognized industry standards and frameworks, and incorporates elements of the same, including elements of the National Institute of Standards and Technology Cybersecurity Framework ( NIST CSF ). Our cybersecurity risk management program includes a number of components, including information security maturity assessments, penetration testing, and vulnerability assessments, that are conducted periodically by both internal and external resources. We also conduct employee training and leverage third-party security tools, including but not limited to access controls, threat monitoring, and endpoint protection and response. We maintain a security operations center operated by a third party that collects cybersecurity threat data from multiple sources and determines if activity is potentially suspicious or malicious. We are in the process of developing and implementing additional cybersecurity policies and procedures. We take a risk-based approach to the evaluation of third-party vendors, and apply mitigations and processes based on the nature of the data accessed by the vendor. Currently, we review System and Organization Controls ( SOC ) reports from vendors who have access to financial reporting information, and we are in the process of developing additional vendor risk management policies and procedures. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time to time experienced threats and security incidents that could affect our information or systems. For more information, please see Section 1A. Risk Factors. Cybersecuity Governance Our Director of Cybersecurity is responsible for the strategic leadership and direction of the Company s information security organization. The individual currently serving as the Director of Cybersecurity has over twenty years of experience working in information technology. The Director of Cybersecurity receives cybersecurity alerts from the Company s third-party security operations center, and provides periodic updates to the Head of Information Technology who informs the Company s executive committee, which includes the Company s Chief Executive Officer, Chief Operating Officer and, Chief Financial Officer. Beginning last year, the Director of Cybersecurity also provides updates to the Audit Committee of the board of directors approximately on a quarterly basis. The Audit Committee, pursuant to its charter, reviews significant existing and emerging cybersecurity risks, including material cybersecurity incidents if any, the impact on the Company and its stockholders of any significant cybersecurity incident and any disclosure obligations arising from any such incidents.

Company Information