eFFECTOR Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

eFFECTOR Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 08:57:16 EDT.

Filings

10-K filed on 2024-03-26

eFFECTOR Therapeutics, Inc. filed an 10-K at 2024-03-26 08:57:16 EDT
Accession Number: 0000950170-24-036169

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan. We design and assess our program based on ISO 27002 standards. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the ISO 27002 as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. We engage external resources that contribute to, and provide independent evaluation of, our existing cybersecurity practices and organizational risk assessment systems. We use established processes designed to identify, assess, and manage third-party service provider risks when third parties handle, possess, process, and store the Company’s material information. Our cybersecurity risk management program includes (i) a policy designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment (ii) the use of external service providers to manage, assess, test and otherwise assist with aspects of our security controls and (iii) a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. However, there can be no assurance that our cybersecurity prevention and mitigation efforts will always be successful, and it is possible that cybersecurity threats could have a material adverse effect on our business, operations, or financial condition in the future. See Risk Factors Risks Related to Our Business Operations and Industry Our business and operations may suffer in the event of information technology system failures, cyberattacks or deficiencies in our cybersecurity. under the heading Risk Factors of this Form 10-K. Cybersecurity Governance Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of cybersecurity and other information technology risks. The Committee oversees implementation of our cybersecurity risk management program by management and out external information technology service provider. 93 The Committee receives regular updates from management on our cybersecurity risks. In addition, management updates the Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. The Committee also receives briefings from management on our cyber risk management program. Committee members receive presentations on cybersecurity topics from our finance department, including our Chief Financial Officer and external experts as part of the Board s continuing education on topics that impact public companies. Our management team, including our Chief Financial Officer, and our external information technology services providers are responsible for assessing and managing our material risks from cybersecurity threats. We have outsourced implementation and day-to-day function of our overall cybersecurity risk management program to our third-party information technology service providers. Our management team supervises both our internal personnel and our retained external cybersecurity consultants. Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from the finance department or external information technology personnel threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us and alerts and reports produced by security tools deployed in the information technology environment.

Company Information