Design Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-19

Page last updated on April 11, 2024

Design Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-19 16:17:44 EDT.

Filings

10-K filed on 2024-03-19

Design Therapeutics, Inc. filed an 10-K at 2024-03-19 16:17:44 EDT
Accession Number: 0000950170-24-033492

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyb ersecurity. Risk management and strategy We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property and confidential information that is proprietary, strategic or competitive in nature (Information Systems and Data). Our Chief Operating Officer and our General Counsel help identify, assess and manage our material risks from cybersecurity threats. Along with our Chief Operating Officer and our General Counsel, a third-party information technology strategy and risk reduction vendor helps identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods including, for example, manual tools, automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and actors, conducting scans of the threat environment, evaluating our and our industry s risk profile, evaluating threats reported to us, internal audits, conducting threat assessments for internal and external threats, conducting vulnerability assessments to identify vulnerabilities, use of external intelligence feeds and coordinating with law enforcement as appropriate about certain threats. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: incident detection and response procedures an incident response policy a vulnerability management policy conducting risk assessments encrypting certain of our data maintaining network security controls segmenting certain of our data maintaining access and physical security controls asset management, tracking, and disposal protocols systems monitoring vendor risk management processes employee training maintaining cybersecurity insurance and retaining a third party information technology strategy and risk reduction vendor. Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. For example, cybersecurity risk is addressed as a component of our enterprise risk management program our Chief Operating Officer and General Counsel work with management to prioritize our risk management processes and mitigate cybersecurity threats that are expected to be more likely to lead to a material impact to our business our Chief Operating Officer and General Counsel evaluate material risks from cybersecurity threats against our overall business objectives and our Chief Operating Officer reports to the audit committee of the board of directors, which evaluates our overall enterprise risk. We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example , professional services firms (including outside legal counsel), threat intelligence service providers, cybersecurity consultants, cybersecurity software providers, managed cybersecurity service providers, and dark web monitoring services. We use third-party service providers to perform a variety of functions throughout our business, such as application providers, hosting services, contract research organizations and contract manufacturing organizations. We have vendor management processes to identify and oversee cybersecurity risks associated with the use of our providers. Depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, these processes may include a risk assessment of the vendor, security questionnaire, security assessments, security assessment calls with the vendor s security personnel and imposition of contractual obligations on the vendor. For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors under Part I. Item 1A. Risk Factors in this Annual Report on Form 10-K, including Our information technology systems or sensitive data, or those of our third-party CROs or other contractors or consultants, may fail or suffer security incidents, loss or leakage of data, and other disruptions, which could result in a material disruption of our product candidates’ development programs, compromise sensitive data related to our business or prevent us from accessing critical information, potentially exposing us to liability or otherwise adversely affecting our business. Governance Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The board of directors audit committee is responsible for overseeing our cybersecurity risk management processes. 112 Our cybersecurity risk assessment and management processes are implemented and maintained by certain of our management, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer has been responsible for the oversight of our cybersecurity since he joined our company in May 2019. He has a B.A. in Computer Science. Our General Counsel has oversight of our legal department, has prior experience serving as inside and outside corporate counsel to technology and cybersecurity companies and a highly regulated cancer diagnostics company. Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Chief Operating Officer and our General Counsel. Our Chief Operating Officer and our General Counsel will work with our incident response team to help us mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response processes include reporting to the audit committee of the board of directors for certain cybersecurity incidents. The audit committee receives periodic reports from our Chief Operating Officer concerning our significant cybersecurity threats and risk and the processes we have implemented to address them. The audit committee also receives and has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.

Company Information