OmniAb, Inc. 10-K Cybersecurity GRC - 2024-03-25

Page last updated on April 11, 2024

OmniAb, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-25 17:07:41 EDT.

Filings

10-K filed on 2024-03-25

OmniAb, Inc. filed an 10-K at 2024-03-25 17:07:41 EDT
Accession Number: 0001846253-24-000006

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and personal information of employees and others ( Information Systems and Data ). We design and assess our program based on the International Standards Organization s (ISO) International standard ISO 27001: Information security management systems , and ISO 27002: Code of practice for information security controls . This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the ISO standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. 62 Our information technology department with the assistance of third-party service providers help identify, assess and manage the Company s cybersecurity threats and risks. Our information technology department identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods including, for example: manual and automated cybersecurity tools such as malware scans, penetration testing, vulnerability testing such as phishing simulations and analysis of reported threats. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: employee training, access controls, data encryption, systems monitoring, regular patching of operating systems and software, a password policy, a written IT security incident response plan, and cybersecurity insurance coverage. Our assessment and management of material risks from cybersecurity threats are integrated into the Company s overall risk management processes. For example, the information technology department works with management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our business and reports to the Audit Committee of the Board of Directors, which evaluates cybersecurity and information technology risk as well as other aspects of our overall enterprise risk. We have not identified cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For more information, see the section titled Risk Factor Security breaches, loss of data and other disruptions could compromise sensitive information related to our business or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation. Cybersecurity Governance Our Board of Directors addresses the Company s cybersecurity risk management as part of its general oversight function. The Board of Directors Audit Committee is responsible for overseeing the Company s cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our Vice President of Data Sciences and IT, who has prior work experience in information technology, and our Director of IT, who has experience in network security and systems administration. The Vice President of Data Sciences and IT and Director of IT have a combined 25 years of risk management experience. Our Vice President of Data Sciences and IT is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company s overall risk management strategy, and communicating key priorities to relevant personnel. Our IT security incident response plan is designed to escalate certain cybersecurity incidents to our IT Security Council depending on the circumstances. Our IT Security Council is made up of our Chief Executive Officer, Chief Financial Officer, Chief Legal Officer and Secretary, Vice President of Data Sciences and IT, and Director of IT. Based on the severity and materiality of the incident, the Company s IT security incident response plan also includes reporting to the Audit Committee of the Board of Directors for cybersecurity incidents. In addition, the Audit Committee receives regular reports from management concerning the Company s significant cybersecurity threats and risk and the processes the Company has implemented to address them.

Company Information