Talis Biomedical Corp 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Talis Biomedical Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 09:08:13 EDT.

Filings

10-K filed on 2024-03-28

Talis Biomedical Corp filed an 10-K at 2024-03-28 09:08:13 EDT
Accession Number: 0000950170-24-037648

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy The Company maintains a cybersecurity program designed to detect, identify, classify and mitigate cyber security and other data security threats, as part of its efforts to protect and maintain the confidentiality and security of customer, employee and vendor information, and non-public information about the Company. Our cyber security program is led by the Company’s SVP, Head of Legal and Compliance. The Company and its third-party service providers conduct periodic risk assessments to identify significant cybersecurity threats that may affect information systems that are vulnerable to such cyber security threats and regularly review these risk assessments for changes in our business practices and the external cybersecurity landscape as well as the impact of our security processes. These risk assessments include physical, administrative and technical safeguards and involves identification of reasonably foreseeable internal and external risks and evaluation of the likelihood and potential damage that could result from the realization of such risks. Following our risk assessments, we evaluate when and how to design, implement, and maintain reasonable safeguards to minimize the identified risks and address any identified gaps in existing safeguards, and proceed with such design, implementation, and maintenance as deemed appropriate. We also engage third-party service providers in connection with our risk assessment process and certain risk management processes. Our collaboration with these third-party service providers includes threat assessments and consultation on security enhancements, 24/7 monitoring and incident response support. Based on the information we have as of the date of this Form 10-K, we do not believe any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. See Item 1A. Risk Factors for further information about these risks. Cybersecurity Governance Our Board of Directors is focused on cyber security. Specific responsibility for cybersecurity oversight is managed by the Audit Committee. The SVP, Head of Legal and Compliance is responsible for the management and mitigation of identified risks and the presentation of any changes in risk factors, identified risks, overall cybersecurity efforts and upcoming improvements to the Audit Committee. The SVP, Head of Legal and Compliance is also responsible for the response to and the remediation and resolution of a security incident involving a potential or actual compromise of our proprietary information and/or personal information. The SVP, 65 Head of Legal and Compliance reports to the Audit Committee quarterly with respect to the Company s cybersecurity infrastructure and risk assessment and reports any security incidents to the Audit Committee. The Audit Committee will report the Company s cybersecurity infrastructure and risk assessment and any findings and recommendations to the full Board of Directors for consideration if and when the Audit Committee deems it necessary or appropriate. In the event of a cybersecurity incident, the Company’s SVP, Head of Legal and Compliance is equipped with a well-defined Incident Response and Reporting Policy (IRRP) to guide response, reporting, and recovery actions. This IRRP includes immediate actions to mitigate the impact of the incident, long-term strategies for remediation and prevention of future incidents, and provides for internal notification of the incident to functional areas as well as senior leadership and the Board of Directors, as appropriate.

Company Information