Context Therapeutics Inc. 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

Context Therapeutics Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 07:36:15 EDT.

Filings

10-K filed on 2024-03-21

Context Therapeutics Inc. filed an 10-K at 2024-03-21 07:36:15 EDT
Accession Number: 0001842952-24-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Managing Material Risks & Integrated Overall Risk Management We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration is intended to ensure that cybersecurity considerations are an integral part of our decision-making processes at every level. Our management team works closely with our Information Technology provider to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Engage Third Parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity threats, we engage with external experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights as part of our cybersecurity strategies and processes. Our collaboration with these third parties includes regular audits, threat assessments, and consultation on security enhancements. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially impaired our business strategy, results of operations or financial condition. For a discussion of whether and how any risks from cybersecurity challenges may materially affect us, see Part I, Item 1A. Risk Factors. Governance Our Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats and oversees our cybersecurity program. As described above, we obtain periodic assessments of our cybersecurity program from independent third-party experts. Additionally, cybersecurity threats and incidents determined through our cybersecurity program to present potential material impacts to our financial results, operations, or reputation are required to be immediately reported to our Board of Directors in accordance with our escalation framework. Management s Role Managing Risk Our Senior Vice President ( SVP ) of Operations plays a pivotal role in informing our Board of Directors on cybersecurity risks. Our SVP of Operations also had responsibility for managing cybersecurity matters at a prior employer. Our SVP of Operations provides comprehensive briefings to the Board of Directors on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including: Current cybersecurity landscape and emerging threats Status of ongoing cybersecurity initiatives and strategies Learnings from any cybersecurity events and Compliance with regulatory requirements and industry standards. 52 Table of Contents In addition to our scheduled meetings, the SVP of Operations and Chief Executive Officer maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Monitor Cybersecurity Incidents The SVP of Operations is continually informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The SVP of Operations implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. Reporting to Senior Leadership The SVP of Operations, in his capacity, regularly informs the Chief Financial Officer and Chief Executive Officer of all aspects related to cybersecurity risks and incidents. This is intended to ensure that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing us.

Company Information