Fresh Tracks Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

Fresh Tracks Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:09:01 EDT.

Filings

10-K filed on 2024-03-15

Fresh Tracks Therapeutics, Inc. filed an 10-K at 2024-03-15 16:09:01 EDT
Accession Number: 0001628280-24-011460

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We use a cloud-only environment for our information systems there is no central access point that provides access to all software and related data. We use third-party clinical research organizations ( CROs ) to manage all patient-related data and review their cybersecurity procedures as part of vendor evaluation. Our employees do not have access to any patient-identifiable data. 20 Table of Contents The Company has an IT Security Policy that establishes IT security and rules for the Company. This policy covers both good practice quality guidelines and regulations ( GxP ) and non-GxP IT systems. With the assistance of a senior IT consultant, management has evaluated the potential cyber risk associated with each of our information systems, both internal and external, taken appropriate steps to mitigate risks, and assigned specific tasks to our Cyber Incident Response Team members in case of a cyber incident. Our Cyber Incident Response Team currently consists of all remaining members of management. Our cybersecurity environment emphasizes the role of each individual user in preventing a cyber incident. We have implemented required monthly video-based cybersecurity training. All users are tested on each training module. This training is supplemented by test phishing messages to see if users are alert to cyber risks. While we have experienced cybersecurity incidents and expect to continue to be subject to such incidents, to date, we have not experienced any cybersecurity incidents that have materially affected our business strategy, results of operations or financial condition. However, we are subject to ongoing risks from cybersecurity threats that could materially affect us, as further described in Part I, Item 1A, Risk Factors in this Annual Report. Governance The Board is responsible for general risk oversight. The Board reviews and evaluates management s evaluation and mitigation of cyber risks as part of its oversight of the Company s Risk Management program. Management periodically reviews cyber risks, incidents, and risk mitigation plans and activities with the Board. In addition to recommendations from our senior IT consultant, we engaged an outside consulting firm to conduct a review of our information systems environment and make recommendations to improve security where appropriate. Management shared the report s findings with the Board and periodically updates the Board regarding our progress on implementing the report s recommendations.

Company Information