International Stem Cell CORP 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

International Stem Cell CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:30:53 EDT.

Filings

10-K filed on 2024-03-28

International Stem Cell CORP filed an 10-K at 2024-03-28 16:30:53 EDT
Accession Number: 0000950170-24-038092

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. We continue to evaluate and improve the capabilities of our people, processes, and technologies to address our cybersecurity risks. Our cybersecurity risks, and the controls designed to mitigate those risks, are integrated into our overall risk management governance, and are reviewed by our Board of Directors annually. Risk Management and Strategy As of December 31, 2023, we have implemented thorough cybersecurity and data protection policies and procedures. Risks from cybersecurity threats are often assessed as a part of our broader risk management activities and as a fundamental component of our internal control system. Our employees and contractors are required to complete annual cybersecurity awareness trainings, including specific topics related to browser safety, data protection, and email fraud. We have competent employees and consultants with a firm understanding of cybersecurity related to our industry. We invest in advanced technologies for continuous cybersecurity monitoring across our information technology environment which are designed to prevent, detect, and minimize cybersecurity attacks, as well as notify management of such attacks in a timely manner. Our Information Technology General Controls are firmly established based on recognized industry standards and addresses matters such as risk management, data backup, and disaster recovery. We also engage an outsourced information technology consultant to actively monitor and mitigate security threats, as well as identify vulnerabilities and respond to all cybersecurity incidents affecting us, including timely communication of significant security incidents to senior business leadership and our Board of Directors. Governance Our Board of Directors is responsible for overseeing our cyber security risk management and strategy. Our senior leadership, including our Chief Executive Officer and Principal Financial Officer, frequently meets with and provides informative updates to our Board of Directors regarding our cybersecurity risks and activities, including any recent cyber security incidents and related responses, cybersecurity systems testing, and activities of third parties. Our Information Security Team is outsourced to two separate service providers, one of which oversees all aspects of IT and facilities to ensure the Company s infrastructure, including intellectual property, is protected. Specifically, this service provider is tasked with communicating any issues or updates necessary and possesses the appropriate level of expertise to assess and manage the Company s cyber security risk. This service provider reports to our Principal Financial Officer, who oversees prevention, detection, mitigation, and remediation efforts through regular communication and reporting channels within our organization and with service providers. Cybersecurity Threat Disclosure While we have not, as of the date of this Annual Report, experienced a cybersecurity threat or incident that has had a material impact on our business or operations, there can be no guarantee that we will not experience an incident that results in a material impact to our business or operations in the future. In addition, cybersecurity threats are constantly evolving and increasing in sophistication, which increases the difficulty of successfully defending against them or implementing adequate preventative measures. Refer to Part I, Item 1A. Risk Factors for further discussion of cybersecurity risks.

Company Information