D-Wave Quantum Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

D-Wave Quantum Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 14:22:53 EDT.

Filings

10-K filed on 2024-03-29

D-Wave Quantum Inc. filed an 10-K at 2024-03-29 14:22:53 EDT
Accession Number: 0001907982-24-000049

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy We have implemented policies and procedures to evaluate, identify, and handle material risks associated with cybersecurity threats. These protocols are integrated into a comprehensive risk register dedicated to our cloud-based platform and internal systems access. The register undergoes an annual review conducted by the internal information technology (IT) department, overseeing cybersecurity protection for our on-premises systems, and the DevOps department, responsible for cybersecurity protection in the cloud. We also conduct regular risk assessments to identify threats to our information security systems. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. We assess the risks facing the Company after our controls are accounted for, and then determine mitigation measures for each such risk. Our risk management processes also assess third party risks, and we perform third-party risk management to identify and mitigate risks from third parties such as vendors, suppliers, and other business partners. Following these risk assessments, we re-examine our systems and processes to ensure that reasonable safeguards are in place to minimize identified risks and address any issues that arise. The head of our IT department, who reports to our Chief Financial Officer, works with management to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards, in collaboration with IT and management. Personnel at all levels receive regular mandatory training on our cybersecurity policies and practices. We enlist third-party service providers to support us in conducting information security reviews of our infrastructure, and the evaluation of our company policies. These providers furnish comprehensive reports that delineate potential risks, categorized by criticality and associated level of effort. Subsequently, the Company will undertake a meticulous examination of the internal risk register to potentially recalibrate the likelihood of identified risks, taking into consideration the vulnerabilities unearthed by the third-party assessment. Depending on the type of services required, the sensitivity of the relevant IT systems and data, and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider and impose contractual obligations related to cybersecurity on the provider. Upon identifying vulnerabilities, we commit to addressing them promptly, prioritizing based on their criticality. High-priority remediation efforts will be coordinated with the collaboration of Enterprise IT and DevOps teams to ensure swift and effective resolution. While the Company’s Leap TM quantum cloud system holds SOC 2 Type 2 compliance, it’s noteworthy that the correlation extends to all our IT systems, even though they are not explicitly within the defined scope. As a result, these interconnected IT systems align with SOC 2 Type 2 standards. Similarly, our policies regarding cybersecurity and IT systems are relevant for SOC 2 Type 2 compliance, but also apply to everyone in the entire organization. We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, Risk Factors, in this annual report on Form 10-K. 56 Governance Our board of directors addresses the Company s cybersecurity risk management as part of its general oversight function. Specifically, the board of directors audit committee, is responsible for overseeing management’s risk assessment and risk management policies, which include management of cybersecurity risk management processes. Our Chief Financial Officer and the head of our IT department are primarily responsible for managing our cybersecurity risks, mitigation strategies and responses to any such issues that may arise. Our Chief Financial Officer oversees the Company s IT department and has extensive experience in managing IT organizations and securing cybersecurity insurance coverages. The head of our IT department drives our strategic IT initiatives and cybersecurity risks assessments, drawing upon over two decades of enterprise technology management expertise. Our Chief Financial Officer and the head of our IT department oversee our cybersecurity policies and processes, including those described above. The Company s overall risks and assessments are monitored by a cross functional team composed of members of senior management, security, legal, information technology and financial reporting. A partnership exists between these aforementioned individuals and departments so that identified issues are addressed in a timely manner and incidents are escalated to the appropriate parties as required.

Company Information