Alpha Teknova, Inc. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

Alpha Teknova, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 17:39:49 EDT.

Filings

10-K filed on 2024-03-26

Alpha Teknova, Inc. filed an 10-K at 2024-03-26 17:39:49 EDT
Accession Number: 0000950170-24-036624

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Our board of directors and management exercise oversight over the Company s cybersecurity program, which represents an important component of the Company s overall approach to enterprise risk management. Governance Teknova s Vice President of Information Systems and Architecture (VP of IT) manages a team responsible for leading enterprise-wide strategy, policy, standards, architecture, processes, and risk assessment related to information security and data protection, including data privacy and network security (our Cybersecurity Program). The VP of IT has served in various roles in information technology and information security, along with other members of the IT department, and holds relevant and applicable certifications. The VP of IT reports directly to the Company s Chief Executive Officer and provides periodic reporting on our Cybersecurity Program to our senior management team, our board of directors, and the audit committee of our board of directors. Our board of directors, in coordination with our audit committee, oversees our management of cybersecurity risk, with the audit committee reviewing and discussing with management matters related to our Cybersecurity Program, including as it relates to financial reporting. The board of directors and audit committee receive periodic reports about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. Additionally, risks associated with the Cybersecurity Program 55 are integrated into the Company s enterprise risk management assessment and reported to our Board as needed. We also share the key results of third-party assessments with our board of directors and audit committee. Risk Management and Strategy Technical Safeguards As part of our Cybersecurity Program, the Company deploys technical safeguards that are designed to protect our information systems from cybersecurity threats, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence. Risk Assessment Our Cybersecurity Program also includes a periodic risk assessment, which is based generally on frameworks established by the National Institute of Standards and Technology (NIST). Third-Party Risk Management We also maintain procedures designed to identify and mitigate cybersecurity threats related to our use of material third-party vendors. This includes reviewing the internal controls of certain third-party service providers to assess their procedures to mitigate material cybersecurity risks, among other risks. Incident Response and Recovery Planning We have an information security incident response process to prevent, detect, mitigate, and remediate cybersecurity incidents and threats. This process includes controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management in a timely manner, with appropriate involvement by our board of directors. External Assessments We obtain periodic assessments by third party experts of our vulnerability management and security controls and to assist us in identifying and mitigating security risks. Education and Awareness We provide periodic cybersecurity training for all officers and employees as well as periodic additional training for senior management through our cyber insurance carrier. As of the date of this Annual Report on Form 10-K, we are not aware of any risks from cybersecurity threats that have materially affected the Company, including our business strategy, results of operations, or financial condition. For information regarding cybersecurity risks that may materially affect our Company, see the risk factor titled Our internal computer systems, or those of our suppliers, customers, or contractors, have been and may in the future be subject to cyberattacks or security breaches, which could result in a material disruption of our business or otherwise adversely affect our business, financial condition, results of operations, cash flows, and prospects. under Risk Factors in Part I, Item 1A. to this Annual Report on Form 10-K.

Company Information