Kyverna Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

Kyverna Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 16:40:23 EDT.

Filings

10-K filed on 2024-03-26

Kyverna Therapeutics, Inc. filed an 10-K at 2024-03-26 16:40:23 EDT
Accession Number: 0000950170-24-036481

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cyber Risk Management and Strategy We, under the oversight of the Audit Committee of our board of directors, have implemented and maintain an enterprise risk management process, which includes periodic assessments of various risk categories, including cyber risks, across our Company. Our process for assessing, identifying, and managing risks from cybersecurity threats is informed by industry standards and supported by cybersecurity technologies, including third-party security solutions, monitoring, and alerting tools, designed to monitor, identify, and address cybersecurity risks. We leverage a managed security service provider and also engage with other third-party providers and consultants to support our cyber risk management efforts, including through periodic security testing. We have a process to assess and review the cybersecurity practices of information technology third-party vendors and service providers, including through review of applicable certifications, security reports, and vendor questionnaires and contractual requirements, as appropriate. Governance Related to Cybersecurity Risks Our cyber risk management program and related operations and processes are directed by our Head of IT in consultation with the legal team and our third-party security advisor. Currently, our Head of IT role is held by an individual who has over 20 years of information technology experience. The Head of IT reports to our Chief Financial Officer. Our Head of IT meets with our Chief Financial Officer periodically to discuss and review our cybersecurity risk management processes and to address matters related to potential cybersecurity and information technology risks, with input from our third-party technology providers, as appropriate. In addition, our Head of IT has regular meetings with our managed security service provider to inform our cyber risk management processes and reporting to management. Our Head of IT, working with our Chief Financial Officer, provides periodic reports on cybersecurity and information technology matters to our Audit Committee, which assists our board of directors in reviewing and overseeing our risk management process, including cybersecurity risks. Our Chief Financial Officer and our Audit Committee periodically report on cybersecurity risk management to the full board of directors. Our board of directors, as a whole and through its committees, has responsibility for the periodic review and oversight of information technology risks, including cybersecurity risks. 114 Our enterprise risk management program is overseen by a risk management committee comprised of senior management across key functional areas inclusive of cybersecurity and information technology matters. This committee, working with our Chief Financial Officer, provides periodic reports and updates, as needed, to our board of directors or our Audit Committee. In collecting information on enterprise risk, cybersecurity is included as a designated risk category, and the results of our enterprise risk assessment processes, including risks related to cybersecurity, are also discussed with the Audit Committee and among senior management on a periodic basis. Material Affects of Cybersecurity Incidents Except as disclosed in Part I, Item 1A, Risk Factors of this Annual Report on Form 10-K, including, without limitation, the risk factor under the heading If our internal information technology systems, or those used by our CROs, CMOs, clinical sites or other contractors or consultants upon which we rely, are or were compromised, become unavailable or suffer security breaches, loss or leakage of data or other disruptions, we could suffer material adverse consequences resulting from such compromise, including, but not limited to, operational or service interruption, harm to our reputation, litigation, fines, penalties and liability, compromise of sensitive information related to our business, and other adverse consequences , risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition.

Company Information