ASSEMBLY BIOSCIENCES, INC. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

ASSEMBLY BIOSCIENCES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:15:41 EDT.

Filings

10-K filed on 2024-03-28

ASSEMBLY BIOSCIENCES, INC. filed an 10-K at 2024-03-28 16:15:41 EDT
Accession Number: 0000950170-24-038057

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to help maintain the security, confidentiality, integrity, and availability of our business systems and confidential information, including personal information and intellectual property. Our cybersecurity program includes systems and processes that are designed to assess, identify and manage material risks from cybersecurity threats and includes: maintenance and monitoring of information security policies aligned with global regulatory controls user and employee awareness of cyber policies and practices simulated phishing exercises information systems configuration management identity and information asset protection infrastructure security systems and cyber threat operations with regular monitoring and threat hunting. This program includes processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party service providers. We also maintain a cyber incident response plan designed to assist us in identifying, responding to and recovering from cybersecurity incidents. We use the findings from these and other processes to help us improve our information security practices, procedures and technologies. We also collaborate with third parties to assess the effectiveness of our cybersecurity program. These include cybersecurity assessors, consultants, and other external cybersecurity experts to assist in the identification, verification, and validation of material risks from cybersecurity threats, as well as to support associated mitigation plans when necessary. Cybersecurity is integrated into our overall risk management systems, including our annual enterprise risk management, internal controls, business continuity and crisis management, third-party risk management, insurance risk management, and employee compliance processes. Our Cyber Incident Response Team, comprised of our Vice President, General Counsel and Corporate Secretary, our Executive Director, Accounting and Treasury, and our Executive Director, Information Technology, consults with, or provides input to each of these programs to ensure that material risks from cybersecurity threats are appropriately assessed, identified, and managed. As of the date of this report, there have been no cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business, strategy, results of operations, or financial condition. For additional description of cybersecurity risks and potential related impacts on the Company, refer to the risk factor captioned Significant disruptions of information technology systems or breaches of data security, including cybersecurity incidents, could materially and adversely affect our business, results of operations and financial condition in Item 1A. Risk Factors. 32 Governance While our board of directors has oversight responsibility for risk management generally, the Audit Committee is specifically responsible for overseeing our cybersecurity risk management program to ensure cybersecurity risks are identified, assessed, managed, and monitored. Our Executive Director, Information Technology, who has over 15 years of experience in the cybersecurity field, provides periodic updates to the Audit Committee in this regard, and details our cybersecurity program supported by key performance indicators across the range of cybersecurity functions related to risk management and governance, identity and information asset protection, core security and endpoint security, and cyber threat operations. These updates include descriptions of cybersecurity incidents, including those associated with our third-party service providers. The Audit Committee is responsible for updating our full board of directors on material risks from cybersecurity incidents or threats.

Company Information