Centessa Pharmaceuticals plc 10-K Cybersecurity GRC - 2024-03-28

Page last updated on July 16, 2024

Centessa Pharmaceuticals plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:44:50 EDT.


10-K filed on 2024-03-28

Centessa Pharmaceuticals plc filed a 10-K at 2024-03-28 16:44:50 EDT
Accession Number: 0001847903-24-000054


Item 1C. Cybersecurity.

Cybersecurity Risk Management

We recognize the importance of developing, implementing, and maintaining cybersecurity measures designed to safeguard our information systems and protect the confidentiality, integrity, privacy, and availability of our data. We have implemented and integrated into our broader risk management framework a cybersecurity risk management program designed to promote a company-wide culture of cybersecurity risk awareness and management. Our cybersecurity risk management program includes a number of components, including periodic system audits and ongoing monitoring of critical risks from cybersecurity threats supported by third-party providers and technologies as well as automated tools. This process is designed to evaluate, assess, identify, and manage cyber risks in alignment with our business objectives and operational needs.

In support of those efforts, we leverage a managed service provider (“MSP”) and also engage with other third-party providers, consultants, and auditors to support our cyber risk management program, including periodic engagement of third parties to conduct security assessments and testing related to our computer systems. We have a process to implement mitigation plans to monitor and address identified cyber risks.

Additionally, we have implemented an employee education program that is designed to raise awareness of cybersecurity threats, including risks posed by phishing attempts. We have implemented a process for this training to be included during the employee onboarding process and periodically thereafter.

We rely on our vendor network to enable the performance of core research and development activities, including clinical trials. As part of our cybersecurity risk management program, we therefore maintain processes to, prior to onboarding and periodically thereafter, assess and review vendor standards around cybersecurity, incident management, and personal data processing, as applicable. Additionally, as appropriate, we include security requirements in vendor contracts.

We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Although our business strategy, results of operations, and financial condition have not, to date, been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, we have, from time to time, experienced threats to and security incidents related to our data and systems, including phishing attacks. For more information on our cybersecurity-related risks, see "Our internal computer systems have suffered, and our collaborators or other contractors or consultants may suffer from security breaches, which could result in a material disruption of our product development programs," in Item 1A “Risk Factors.”

Governance

The Board of Directors has responsibility for oversight of cybersecurity risk management. As part of our enterprise risk management program, the Board has established oversight mechanisms that seek to implement effective governance in managing risks associated with cybersecurity threats.

Day-to-day responsibility for assessing, monitoring, and managing our cybersecurity risk management program rests with our IT Department, who consults with our MSP as well as members of our finance and legal teams as appropriate, and our Head of Compliance on cyber matters. Our Head of Compliance oversees our risk management governance and periodic compliance testing and works with our IT Department and other functions, as appropriate, on the mitigation and management of identified cyber risks. The IT Department, together with our MSP executes the cybersecurity strategy. The IT Department and Head of Compliance report periodically to the General Counsel as well as to our Governance, Risk Management, and Compliance Committee (“GRC Committee”) on cyber matters.

Our GRC Committee is responsible for monitoring and overseeing our overall enterprise risk management process, including assessing, identifying, and managing cybersecurity related risks as part of its annual assessment of critical risks facing the Company. On at least an annual basis, the Head of Compliance, the General Counsel, the GRC Committee, and the IT Department, in consultation with our MSP, provide an update to the Board regarding critical cybersecurity risks and ongoing cybersecurity initiatives and strategies. We have implemented a process for significant cybersecurity matters and strategic risk management decisions related to cyber risks to be escalated to the GRC Committee and/or the Board, as appropriate.

Company Information

Name: Centessa Pharmaceuticals plc
SIC Description: Pharmaceutical Preparations
Ticker: CNTA - Nasdaq
Category: Non-accelerated filer, Smaller reporting company, Emerging growth company
Fiscal Year End: December 30