Aptose Biosciences Inc. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

Aptose Biosciences Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 17:00:36 EDT.

Filings

10-K filed on 2024-03-26

Aptose Biosciences Inc. filed an 10-K at 2024-03-26 17:00:36 EDT
Accession Number: 0000950170-24-036537

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We have developed and maintain a cybersecurity program designed to assess, identify, and manage risks from cybersecurity threats. As part of this program, we conduct periodic assessments of our IT Systems to evaluate the effectiveness of applicable security controls. These assessments follow industry-standard frameworks and include a review of our information security controls to assess cybersecurity capabilities and maturity. The results of these assessments are reported to the Audit Committee of the Board of Directors.. In general, we seek to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. We have established a cybersecurity policy that outlines the governance processes for identifying and managing material risks to privacy and cybersecurity. In addition, our cybersecurity policy describes our capabilities and processes for the detection, response, analysis, mitigation, recovery, and reporting of cybersecurity incidents. We also manage and maintain business continuity and disaster recovery capabilities to help ensure the availability of business-critical technology resources. Governance Related to Cybersecurity Risks Management is responsible for the day-to-day management of risks we face, while our board of directors, as a whole and through committees, has responsibility for the oversight of risk management. Our Audit Committee oversees the management of risks from cybersecurity threats. In addition, the full board reviews our major risk exposures, their potential impact on us, and the steps we take to manage them. Our Chief Information Officer (“CIO”) is responsible for developing, implementing, and maintaining our cybersecurity risk management policies and procedures. The individual currently serving in the role of CIO has over thirty-five years of experience in cybersecurity, information security, data protection, regulatory compliance, and risk management within complex and international business verticals such as pharmaceutical/biotech, technology, and logistics. The CIO provides regular cybersecurity updates to our board of directors. Our Information Technology Steering Committee (“ITSC”) oversees matters regarding the Company s Information Technology strategy, priorities, and governance, including cybersecurity threats and risk assessments, through periodic meetings and frequent communications. ITSC members include representatives from the Finance, Regulatory Affairs, Operations, and Information Technology departments. The ITSC has a charter that is reviewed internally to ensure it is aligned with our business strategy. As outlined in its charter, and relative to cybersecurity, the ITSC is responsible for identifying and assessing material cybersecurity risks across the Company, including escalating to our Audit Committee and Executive Management where appropriate. 39

Company Information