Mural Oncology plc 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

Mural Oncology plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 16:42:58 EDT.

Filings

10-K filed on 2024-03-26

Mural Oncology plc filed an 10-K at 2024-03-26 16:42:58 EDT
Accession Number: 0000950170-24-036484

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybe rsecurity. Risk Management and Strategy We have certain processes for assessing, identifying and managing cybersecurity risks, which are included in our overall risk management program and designed to protect employee and patient information from unauthorized access or attack, as well as secure our networks and systems. Cybersecurity risks are also periodically reevaluated in additional detail based on our experience and on external information regarding emerging risks. To protect our information systems from cybersecurity threats, we use various security tools, tracking procedures and investigational procedures to identify, investigate, resolve potential security incidents in a timely manner. We also engage third-party vendors to assist with security management, incident detection and response. We have adopted guidelines and processes, led by our information technology ( IT ) department, for preventing cybersecurity incidents and for assessing and responding to such incidents should they occur. These guidelines and processes, as well as our overall cybersecurity risk management, include consideration of cybersecurity threats associated with our use of third-party service providers. We also consider the internal risk oversight programs of our third-party service providers before engaging them in order to help protect us from any related vulnerabilities. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition. We do not believe that cybersecurity threats resulting from any previous cybersecurity incidents of which we are aware are reasonably likely to materially affect our company. In an effort to deter and detect cybersecurity threats, we periodically provide all employees with a cybersecurity training and compliance program, which covers timely and relevant topics and educates employees on the importance of reporting immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster employee-based cybersecurity programs. Governance Our management is responsible for day-to-day risk management, while the audit committee of our Board of Directors has responsibility for the oversight of risk management, including overseeing the management of our risks from cybersecurity threats. Our Vice President, Information Technology ( VP IT ) is responsible for developing, implementing, and maintaining our processes and procedures for cybersecurity risk management and response. Our current VP IT has over thirty years of experience, which includes cybersecurity, information security, data protection, privacy, regulatory compliance and risk management within pharmaceutical and biotechnology companies. Any cybersecurity incidents are evaluated for potential impact and are reported, as appropriate to the severity, to our management, our Information Security Committee, our executive leadership and/or our board of directors. Our Information Security Committee, which is led by our VP IT and includes representatives from our IT, finance, and legal departments, meets regularly to review the incidence, impact assessment, and resolution of cybersecurity incidents, if any, and to assess evolving risks. Our Information Security Committee provides updates on cybersecurity incidents and responses and on cybersecurity risk management as needed and provides updates to executive leadership and to our Board of Directors.

Company Information