Barinthus Biotherapeutics plc. 10-K Cybersecurity GRC - 2024-03-20

Page last updated on April 11, 2024

Barinthus Biotherapeutics plc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-20 16:25:31 EDT.

Filings

10-K filed on 2024-03-20

Barinthus Biotherapeutics plc. filed an 10-K at 2024-03-20 16:25:31 EDT
Accession Number: 0001828185-24-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurit y In the normal course of business, we may collect and store personal information and other sensitive information, including proprietary and confidential business information, financial information, trade secrets, intellectual property, information regarding trial participants in connection with clinical trials, sensitive third-party information and employee information. In an effort to protect this information from cybersecurity risks, we have developed a cybersecurity program which incorporates policies and practices designed to protect the confidentiality, integrity and security of our sensitive information. As part of our cybersecurity risk management procedures, we perform system monitoring and scanning and utilize security tools supported by a third-party managed services provider. We also conduct penetration testing performed by a third-party provider. Employees are enrolled in cybersecurity awareness training courses designed to help them identify cybersecurity concerns and take appropriate actions, and we conduct periodic simulated phishing tests in an effort to further raise cybersecurity awareness and reduce the risk of a successful cyberattack. We have established an incident response plan to guide us in responding to cybersecurity incidents. We also take steps to protect against business interruption and conduct annual restoration testing for major systems. In addition, we are developing a cybersecurity risk management program for our third-party vendors. This program aims to assess the cybersecurity maturity of vendors who have access to our data or systems through an evaluation of the vendor s cybersecurity practices. Our cybersecurity program is managed by our IT Director, who reports directly to senior management on matters regarding cybersecurity, as appropriate. Our IT Director has over twenty years of experience in IT, including cybersecurity, and previously served as the IT Director at another biopharmaceutical company. Together, our senior management and IT Director are responsible for leading company-wide cybersecurity strategy, policies, standards, and processes. The Audit Committee, pursuant to its charter, has oversight over management of cybersecurity risks. Senior management and our IT Director provide the Audit Committee with periodic updates on data management and cybersecurity initiatives, as well as on significant existing and emerging cybersecurity risks, including cybersecurity incidents, as applicable. We have a process to record identified risks from cybersecurity threats in our risk register, along with an assessment of the severity of the potential impact and the likelihood of occurrence. This process is designed to facilitate a unified and integrated assessment of corporate risk and governance. The risk register is reviewed periodically by senior management and at least annually by the Board of Directors. Our cybersecurity program is also periodically evaluated by external security consultants, with the results of those reviews reported to senior management and the Audit Committee, as appropriate. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition however, like other companies in our industry, we and our third-party vendors may experience threats and security incidents that could affect our information or systems. For more information about the cybersecurity risks we face, please see Section 1A. Risk Factors.

Company Information