Compass Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

Compass Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 09:00:49 EDT.

Filings

10-K filed on 2024-03-21

Compass Therapeutics, Inc. filed an 10-K at 2024-03-21 09:00:49 EDT
Accession Number: 0001171843-24-001516

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We recognize the importance of safeguarding the security of our computer systems, software, networks, and other technology assets. We have implemented and maintain a security risk management program that is designed to preserve the confidentiality, integrity, and continued availability of information under our ownership or care with the aim to continually improve security features in order to keep pace with the evolving cyber threat landscape. We face a number of cybersecurity risks in connection with our business and recognize the growing threat within the general marketplace and our industry. Although such risks have not materially affected us, including our business strategy, results of operations or financial condition, to date, we and our vendors have, from time to time, experienced threats to and breaches of our data and systems. For more information about the cybersecurity risks we face, see the section entitled Risk Factors Risks Related to Information Technology and Data Privacy . 106 Risk Management and Strategy We have implemented internal controls including regular risk assessments designed to address financial, operational and information technology (including cybersecurity) risks and controls across our organization. These assessments are overseen by our Director of IT and VP of Finance. We implement cybersecurity controls and procedures designed to address cyber risks and threats, supported by third-party technologies and security advisors and providers. We also provide cybersecurity awareness training to our employees during the onboarding process and periodically thereafter. In addition, we engage external third-party information security consultants to periodically conduct information security testing and assessments, and to evaluate our overarching information security program and specific incident response procedures. We also maintain a Cyber Incident Response Plan, which is overseen by our Director of IT and is designed to coordinate our response to information security incidents. Cybersecurity Oversight The Director of IT is responsible for implementing and maintaining the information security program. The Director of IT role is currently held by an individual who has more than 20 years of professional IT management experience and maintains a Global Information Assurance Certification. The Director of IT reports to our VP of Finance, who together are responsible for coordinating information security risk assessments and overseeing periodic testing of our cybersecurity controls. Our VP of Finance meets with the audit committee of our board of directors periodically for the audit committee to provide guidance on the prioritization of the risk remediation and ongoing implementation of cybersecurity improvements across our organization. Management also generally provides quarterly updates to the audit committee on cybersecurity and other information technology risks. We have implemented a process for the Director of IT and the VP of Finance to receive incident reports and report quarterly (and, if applicable, in the event of a cybersecurity incident), to our internal disclosure committee and the audit committee, as appropriate. Management presents to the entire board of directors on an annual basis, including any key findings identified in our cybersecurity assessments.

Company Information