SAB Biotherapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

SAB Biotherapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 17:43:03 EDT.

Filings

10-K filed on 2024-03-28

SAB Biotherapeutics, Inc. filed an 10-K at 2024-03-28 17:43:03 EDT
Accession Number: 0000950170-24-038219

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk management and strategy We recognize the critical importance of developing, implementing, and maintaining cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Managing Material Risks & Integrated Overall Risk Management We have implemented tools, processes, and strategies to promote a company-wide culture of cybersecurity risk management. This ensures that cybersecurity considerations are integrated into our decision-making processes to monitor and manage risk. Our IT Department works closely with our leadership and key operating personnel to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. 63 Engage Third-parties on Risk Management Due to the complexity and evolving nature of cybersecurity threats, we engaged with a cybersecurity assessment firm as an external expert, to evaluate and test our risk management systems. This partnership enables us to leverage specialized knowledge and insights, of dedicated cybersecurity firms. Our collaborations with this third-party include regular system audits, threat assessments, 24-hour monitoring, and consultation on security enhancements. Oversee Third-party Risk Because we are aware of the risks associated with third-party service providers, we conduct security assessments of all third-party providers before engagement to ensure compliance with industry cybersecurity standards and frameworks. This includes assessments performed by our Senior Director of IT, who oversees the Company s cybersecurity function. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing. Although we have not experienced cybersecurity incidents, a significant cybersecurity incidence could reasonably have a material adverse effect as against us, such as malware or ransomware attacks or DoS attacks, which could lead to business disruptions, unplanned downtimes or outages, particularly in critical systems or services, may impact our ability to operate efficiently, affecting business continuity. Governance We have implemented standard operating procedures to define the channels by which cybersecurity threats are communicated to the Board. This ensures that Board has oversight and effective governance in managing risks associated with cybersecurity threats. Board of Directors Oversight The Audit Committee is central to the Board s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including, risk management, and finance, which we believe equips them to oversee cybersecurity and other risks effectively. Management s Role Managing Risk The Senior Director of IT plays a pivotal role in informing the Audit Committee on cybersecurity risks. This role provides briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including: Current cybersecurity landscape and emerging threats Status of ongoing cybersecurity initiatives and strategies Incident reports and learnings from any cybersecurity events and Compliance with regulatory requirements and industry standards. Risk Management Personnel Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with the Senior Director of IT and department staff. Our IT team oversees our governance programs, tests our compliance with standards, remediates known risks, stays informed of significant developments in the cybersecurity domain, and leads our employee training program. Monitor Cybersecurity Incidents The Senior Director of IT is continually informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. Under his direction, the IT department implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the IT department is equipped with a well-defined written procedure. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Reporting to Board of Directors The Senior Director of IT consistently communicates with the Audit Committee regarding critical cybersecurity risks and incidents, ensuring that the organization’s highest governance bodies remain well-informed about our cybersecurity status and 64 potential vulnerabilities. Moreover, matters of significant cybersecurity importance, along with strategic risk management decisions, are promptly escalated to the Board of Directors. This process ensures that the Board maintains thorough oversight and is equipped to offer informed guidance on critical cybersecurity issues.

Company Information