Syros Pharmaceuticals, Inc. 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

Syros Pharmaceuticals, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 06:49:19 EDT.

Filings

10-K filed on 2024-03-27

Syros Pharmaceuticals, Inc. filed an 10-K at 2024-03-27 06:49:19 EDT
Accession Number: 0000950170-24-036808

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have certain processes for assessing, identifying, and managing cybersecurity risks, which are built into our information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, protect employee, customer and patient information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural, and technical safeguards, response plans, regular vulnerability testing on our systems, incident simulations and routine review of our policies and procedures to identify risks and adapt our practices. We engage certain external parties, including a managed security service provider, independent privacy assessors, computer security firms and risk management, peer companies, industry groups and governance experts, to ensure our cybersecurity oversight. Our board of directors does not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect the Company or its business strategy, results of operations or financial condition. The Audit Committee of the board of directors provides direct oversight over cybersecurity risk and provides updates to the board of directors regarding such oversight. The Audit Committee receives quarterly updates from management regarding cybersecurity matters. Our Senior Director of Information Technology leads the operational oversight of company-wide cybersecurity strategy, policy, standards, and processes and works across relevant departments to assess and help prepare us and our employees to maintain awareness of cybersecurity risks, including email, web, and data security. The Senior Director of Information Technology has over 25 years of experience designing, implementing, and running information technology and cybersecurity programs and processes using the National Institute of Standards and Technology, or NIST, Framework. To deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educates employees on the importance of reporting all incidents immediately. To mitigate cybersecurity risks and bolster our employee-based cybersecurity programs, we monitor all user traffic and restrict access by country. In addition, access to web sites is filtered and monitored, and credentials for systems and services require multi-factor authentication whenever possible. 77

Company Information