PRECIGEN, INC. 10-K Cybersecurity GRC - 2024-03-19

Page last updated on April 11, 2024

PRECIGEN, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-19 16:48:47 EDT.

Filings

10-K filed on 2024-03-19

PRECIGEN, INC. filed an 10-K at 2024-03-19 16:48:47 EDT
Accession Number: 0001356090-24-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management At Precigen, cybersecurity risk management is an integral part of our overall enterprise risk management processes. Our cybersecurity risk management program is managed by our security steering team. Designed to align with industry best practices, our program provides a framework for identifying, monitoring, assessing and responding to cybersecurity threats and incidents and facilitates coordination across different departments of the Company. This framework includes steps for identifying the source of a cybersecurity threat or incident, including whether such cybersecurity threat or incident is associated with a third-party vendor or service provider, assessing the severity and risk of a cybersecurity threat or incident, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors of potentially material cybersecurity threats and incidents or other significant changes in the evolving cybersecurity threat landscape. Our security steering team is responsible for assessing and maintaining our cybersecurity risk program, and engages third-party cybersecurity experts for risk assessment and system enhancements. In addition, we provide training to all employees both during the initial onboarding process and on an annual basis. We also conduct tabletop exercises to assess our cybersecurity readiness on an annual basis. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats or incidents, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see “Risk Factors-If we experience a significant breach of data security or disruption in our information systems, our business could be adversely affected.” in this annual report on Form 10-K. Cybersecurity Governance Management is responsible for identifying and assessing cybersecurity risks on an ongoing basis, establishing processes designed to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation and remediation measures, and maintaining cybersecurity programs. Our cybersecurity programs are managed under the direction of our Chief Operating Officer (“COO”) who serves as the chairman of the security steering team and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks. The security steering team also includes the leadership of our Information Technology (“IT”) team. The IT team consists of seasoned security professionals well-versed in emerging cybersecurity risks and solutions used to mitigate and remediate loss due to cybersecurity incidents. Precigen also employs the use of cybersecurity vendors to actively monitor and remediate cybersecurity threats and incidents. Management, including the COO, regularly updates the board of directors on the Company s cybersecurity programs, material cybersecurity risks and mitigation strategies and provides quarterly cybersecurity updates. Such updates cover, among other topics, third-party assessments of the Company s cybersecurity programs, developments in cybersecurity and updates to the Company s cybersecurity programs and mitigation strategies. Our board of directors has overall oversight responsibility for our risk management and is charged with oversight of our cybersecurity risk management program. The board is responsible for ensuring that management has policies and processes in place designed to identify, monitor, assess and respond to cybersecurity, data privacy and other information technology risks to which the Company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity threats and incidents.

Company Information