TELA Bio, Inc. 10-K Cybersecurity GRC - 2024-03-22

Page last updated on April 11, 2024

TELA Bio, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-22 15:59:51 EDT.

Filings

10-K filed on 2024-03-22

TELA Bio, Inc. filed an 10-K at 2024-03-22 15:59:51 EDT
Accession Number: 0001558370-24-003782

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cyber Risk Management and Strategy Under the oversight of our board of directors and the Audit Committee of the board, we have adopted cybersecurity risk management processes that take a risk based approach to assessing, identifying, and managing risks from cybersecurity threats. Management of cybersecurity risks is part of our overall risk management strategy. We engage third-party service providers to assist us with our cybersecurity risk management, including for network monitoring, antivirus protection, and managing IT environments. We have also engaged third party advisors and consultants to conduct periodic testing of our processes and systems. Before contracting with certain third parties, such as those that have access to our IT networks, we have a process to conduct diligence on those third parties, which includes a security assessment. We have also implemented a process for employees to undergo cybersecurity training during onboarding, and thereafter, on an annual basis as part of our larger compliance training program. 78 Table of Contents We have established monitoring procedures in our effort to mitigate risks related to cybersecurity incidents. As part of our cybersecurity risk management, we have adopted a business continuity and incident response plan, which is designed to establish our processes for identifying and responding to significant events that may lead to a business disruption or crisis, including those arising from or related to cybersecurity threats. Governance Our board of directors holds oversight responsibility over our strategy and risk management, including risks related to cybersecurity. The board s oversight of cybersecurity risk management is supported by the Audit Committee, which has responsibility for discussing with management significant cybersecurity risks and the measures we have implemented to monitor and control such cyber risk exposures. The Audit Committee receives quarterly updates from our Vice President, Information Technology & Compliance ( IT Officer ) relating to IT and cybersecurity matters, including cybersecurity risks and threats. The Audit Committee provides periodic updates to our board of directors on cybersecurity matters discussed at such meetings. Our IT Officer also provides these and similar reports to the full board of directors on a biannual basis. Our IT Officer oversees the day-to-day management of the Company s cybersecurity risk management program. Our IT Officer has over 15 years of experience in IT leadership, and has managed IT for our company for approximately 10 years. Our IT Officer reports to our Chief Operating Officer and Chief Financial Officer and is a member of our Compliance Committee. Our IT Officer coordinates with our legal department and relevant third parties, such as consultants and external legal advisors, to assess and manage material risks from cybersecurity threats. Our IT Officer is also supported by a cross-functional incident response team, which is empowered to review, assess, report, monitor and take action to mitigate or remedy any cybersecurity incidents pursuant to our business continuity and incident response plan. Our IT department further supports and has dedicated resources to assist our IT Officer in monitoring, preventing, detecting, mitigating, and remediating any cybersecurity incidents pursuant to our policies and procedures. We have also established a Disclosure Committee, which regularly reviews relevant information related to potential public disclosure of critical business risks and material events. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time to time experienced threats and security incidents that could affect our information or systems. For more information, please refer to Item 1A, Risk Factors, in this Form 10-K.

Company Information