Marker Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-25

Page last updated on April 11, 2024

Marker Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-25 17:37:56 EDT.

Filings

10-K filed on 2024-03-25

Marker Therapeutics, Inc. filed an 10-K at 2024-03-25 17:37:56 EDT
Accession Number: 0001410578-24-000297

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We operate in the biotechnology sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft fraud extortion harm to employees or customers violation of privacy laws and other litigation and legal risk and reputational risk. We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. Our cybersecurity program is aligned with industry standards and best practices, such as the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework. We expect the third-party vendors that provide our IT services to use various tools and methodologies to manage cybersecurity risk and to monitor and evaluate our cybersecurity posture and performance on an ongoing basis through regular vulnerability scans, penetration tests and threat intelligence feeds. We expect to require third-party service providers with access to personal, confidential or proprietary information to implement and maintain cybersecurity practices consistent with applicable legal standards and industry best practices. Our business depends on the availability, reliability, and security of our information systems, networks, data, and intellectual property. Any disruption, compromise, or breach of our systems or data due to a cybersecurity threat or incident could adversely affect our operations, customer service, product development, and competitive position. They may also result in a breach of our contractual obligations or legal duties to protect the privacy and confidentiality of our stakeholders. Such a breach could expose us to business interruption, lost revenue, ransom payments, remediation costs, liabilities to affected parties, cybersecurity protection costs, lost assets, litigation, regulatory scrutiny and actions, reputational harm, customer dissatisfaction, harm to our vendor relationships, or loss of market share. Cybersecurity Governance and Oversight Our board of directors addresses our cybersecurity risk management as part of its general oversight function. Our cybersecurity risk assessment and management processes are implemented and maintained by various members of our management team, third party service providers and other employees, who we believe have a combination of relevant expertise, experience, education and training. Certain members of our management team are responsible for hiring appropriate personnel and third-party IT service providers, helping to integrate cybersecurity risk considerations into our overall risk management strategy, communicating key priorities to relevant personnel, approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports. Our cybersecurity incident response processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including in some cases to our executive team. Our cybersecurity incident management team, and other individuals as needed, work to help us mitigate and remediate cybersecurity incidents of which we are notified. In addition, our incident response processes include a procedure for reporting certain cybersecurity incidents to the board of directors. The board of directors receives regular reports from management concerning our cybersecurity risk management program. The board also receives various summaries and/or presentations related to cybersecurity threats, risks and mitigation. 68 Table of Contents

Company Information