Vigil Neuroscience, Inc. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

Vigil Neuroscience, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 07:30:39 EDT.

Filings

10-K filed on 2024-03-26

Vigil Neuroscience, Inc. filed an 10-K at 2024-03-26 07:30:39 EDT
Accession Number: 0000950170-24-036158

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy The Company, under the oversight of the audit committee of the board of directors, has implemented and maintains an enterprise risk management program that includes a cybersecurity risk management program designed to identify, assess, and mitigate critical risks from cybersecurity threats. Our cybersecurity risk management program is informed by industry standards and includes, but is not limited to, ongoing monitoring for potential critical risks from cybersecurity threats using automated tools. We have a process designed to monitor and address identified cybersecurity risks. To support our cybersecurity risk management program, we leverage a managed security service provider (MSSP) and also engage with other third-party providers and cybersecurity consultants as appropriate, including engagement of third parties to assist with managed detection and response and vulnerability management and to perform periodic penetration testing, and other vulnerability analyses. As part of our cybersecurity risk management program, we have a process to assess and review the cybersecurity practices of certain third-party vendors and service providers that may be critical to the operations of our business and who have access to our information systems or store our confidential data, including, as appropriate, through review of vendor questionnaires and the inclusion of cybersecurity requirements in contracts. We also have an employee education and training program, offered during onboarding and on a periodic basis thereafter, that is designed to raise awareness of cybersecurity threats across functions as well as to encourage consideration of cybersecurity risks across our Company. As part of this employee training program, we periodically conduct phishing simulations designed to raise employee awareness of such risks. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition however, like other companies in our industry, we and our third-party vendors have, from time to time, experienced threats and security incidents relating to our and our third-party vendors information systems. See Item 1A Risk Factors in this Annual Report on Form 10 K for more information. Cybersecurity Program Oversight and Governance Our Head of Information Technology serves as our Information Security Officer (ISO) and has primary responsibility for managing our information technology team and external service providers and for generally assessing and managing our cybersecurity risk management program. Currently, the ISO role is held by an individual who has more than 20 years of experience in leading information security teams and who has implemented and managed cybersecurity programs for other publicly-traded biotechnology companies. Our ISO s experience includes developing and maintaining tools and processes designed to protect internal computer and telecommunications networks used to store, process, and transmit personal and confidential data. Our ISO reports directly to, and meets periodically with, our Chief Financial Officer (CFO) to discuss and review our cybersecurity risk management processes, including our cybersecurity metrics, with input from the Company s MSSP and other third-party providers and cybersecurity consultants, as appropriate. Our ISO also works closely with our Chief Compliance Officer (CCO) in the establishment and management of controls and processes that underpin our cybersecurity risk management program and meets periodically with our entire executive management team, including our Chief Executive Officer, regarding cybersecurity threats and our cybersecurity risk management program. We have implemented a process for the ISO to report relevant findings from penetration testing and cybersecurity assessments conducted by third-party consultants to members of our management team, including our CFO and CCO, as appropriate. Our board of directors has delegated oversight of the Company s cybersecurity program to the audit committee of the board of directors. As provided in the audit committee charter, the audit committee is responsible for reviewing and discussing the Company s information security and risk management programs, controls, and procedures, including high-level review of the threat landscape facing the Company and the Company s strategy to mitigate cybersecurity risks and potential breaches. Under the audit committee charter, the audit committee is also responsible for reviewing the recovery and communication plans for any unplanned outage or security breach, where applicable. 88 In connection with its oversight of our broader enterprise risk management program, our ISO, on a periodic basis, provides reports to the audit committee on the status of our cybersecurity program, including measures implemented to monitor and address risks from cybersecurity threats, as appropriate. The chair of the audit committee and the ISO provide periodic reports on cybersecurity risk management to the full board of directors.

Company Information