Inhibikase Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

Inhibikase Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 16:05:36 EDT.

Filings

10-K filed on 2024-03-27

Inhibikase Therapeutics, Inc. filed an 10-K at 2024-03-27 16:05:36 EDT
Accession Number: 0000950170-24-037160

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We recognize the importance of developing, implementing and maintaining cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of data. We have integrated cybersecurity risk management into our broader risk management framework. Our digital and technology organization outside the Company continually addresses cybersecurity risk in alignment with our business objectives and operational needs. Our cybersecurity program is focused on the following areas: 76 Governance: We leverage multiple cybersecurity frameworks (e.g., ISO 27001 and NIST CSF) and regulatory requirements to inform our externally managed information technology ( IT ) infrastructure. Policies for IT use and management for each employee are part of the employee onboarding process and those policies are refreshed periodically as threats emerge that could be relevant to our IT infrastructure. Technical Safeguards: The Company does not use a centralized server where all information is stored and therefore where all information is placed at risk. Instead, we deploy technical and procedural measures using a distributed model so that no one location or machine could cripple the company s IT infrastructure. Protection measures include network firewalls, network intrusion detection and prevention, penetration testing, vulnerability assessments and monthly risk assessments and management, threat intelligence, anti-malware and access controls, plus data loss prevention and monitoring. Security Awareness / Training: All employees are required to adhere to our Standards of Business Conduct, which identifies an employee’s responsibility for information security. We also disseminate security awareness information periodically throughout the year. Third-Party Suppliers and Service Providers: We manage our IT infrastructure with an external vendor who maintains and evaluates risk exposure in real-time and conducts monthly risk assessments and adjustments to preclude cyberattacks. Vendor security reviews evaluate numerous key security controls and the outputs of these reviews are used as part of business decisions regarding storage and dissemination of virtual data and to assess a vendor’s overall security posture. Risks from Cybersecurity Threats While we are subject to ongoing cybersecurity threats, the risks from these threats have not materially affected, or are reasonably likely to materially affect the company, including our business strategy, results of operations or financial condition. For additional information regarding risks from cybersecurity threats, see “Item 1A. Risk Factors-Risks Related to Our Operations” in this Annual Report. Board Oversight of Cybersecurity Risks Our Board of Directors (Board) is responsible for the oversight of our risk management program and regularly reviews information regarding our most significant strategic, operational, financial, legal and compliance risks, including cybersecurity risks. The Board reviews mitigation plans through discussions with management, which includes regular Board reports and findings from management s monthly discussions with our outside IT group. Our Board of Directors also reviews and approves our cybersecurity policies, strategies, and budgets on an annual basis. Management’s Role in Assessing and Managing Cybersecurity Risks Our CEO in conjunction with our external IT team are responsible for setting the strategy and communicating cybersecurity risks. With the Company s distributed model of data storage, risks have been limited and the Company has not experienced a cybersecurity breach. The Company s security measures and monthly system audits to identify potential vulnerabilities and remediate deficiencies in real time.

Company Information