Eliem Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Eliem Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:05:43 EDT.

Filings

10-K filed on 2024-03-28

Eliem Therapeutics, Inc. filed an 10-K at 2024-03-28 16:05:43 EDT
Accession Number: 0000950170-24-038023

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and data related to participants in preclinical studies and clinical trials involving certain of our product candidates. (Information Systems and Data). Members of our management team, with the assistance of third-party technical advisors, help identify, assess and manage our cybersecurity threats and risks. Our third-party technical advisors include consultants with over 20 years of experience in IT leadership as well as subject matter experts in cybersecurity that have extensive experience managing cybersecurity programs. We manage, identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and risk profile using various methods including, for example: through the use of automated tools, including but not limited to tools for monitoring, remote wiping, threat detection, intrusion detection and prevention conducting (through third parties) regular audits and threat assessments for internal and external threats subscribing to reports and services that identify cybersecurity threats analyzing reports of threats and actors conducting vulnerability assessments to identify vulnerabilities evaluating our and our industry s risk profile and evaluating threats reported to us. Depending on the environment, we implement and maintain various processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: risk assessments, implementation of security standards and certifications, encryption of data in transit and at rest, network security controls, data segregation, access controls, systems monitoring, vendor risk management program, employee training and penetration testing. As part of our cybersecurity risk management program, we maintain processes to assess and review the cybersecurity practices of third-party vendors and suppliers. Prior to engaging key third-party vendors and suppliers, we conduct a security assessment and, as appropriate, include security requirements in contracts. We, like other companies in our industry, face cybersecurity risks in connection with our business. However, our business strategy, results of operations, and financial condition have not, to date, been materially affected by risks from cybersecurity threats. For more information on our cybersecurity related risks, see Risk Factors under Part I, Item 1A of this Annual Report. Governance Our board of directors considers cybersecurity risk management as part of its general oversight function. The audit committee of our board of directors is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. Our management team provides periodic updates to the audit committee regarding our cybersecurity program, including information about cyber risk management governance and status updates on various projects intended to enhance the overall cybersecurity posture of the Company.

Company Information