Elicio Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Elicio Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 13:58:52 EDT.

Filings

10-K filed on 2024-03-29

Elicio Therapeutics, Inc. filed an 10-K at 2024-03-29 13:58:52 EDT
Accession Number: 0001601485-24-000023

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the critical importance of protecting the confidentiality, integrity and availability of our business operations and systems. With this in mind, we have implemented and maintain an ongoing cybersecurity risk management program, under the oversight of our Board of Directors that is focused on identifying, assessing, 83 Table of Contents managing, and mitigating cybersecurity risk. Our cybersecurity policies, standards, processes and practices incorporate several standards, specifications, and requirements from the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework, and other applicable industry standards. In general, we seek to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents if they occur. Cybersecurity Risk Management and Strategy Effect of Risk To identify and assess material risks from cybersecurity threats, we maintain a cybersecurity program to ensure our systems are effective and prepared for information security risks. We consider risks from cybersecurity threats alongside other company risks as part of our overall risk assessment process. We employ a range of tools and services, including regular network and endpoint monitoring to inform our risk identification and assessment, as well as undertaking the following activities: monitor emerging data protection laws and implement changes to our processes that are designed to comply with such laws through our policies, practices and contracts (as applicable), require employees, as well as third parties that provide services on our behalf, to treat confidential information and data with care employ technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, device encryption, multi-factor authentication, advanced threat protection for emails, anti-virus and anti-malware functionality and access controls, which are evaluated and improved from time to time conduct regular phishing email simulations and cybersecurity training for all employees and contractors with access to our email systems to enhance awareness and responsiveness to possible threats and employ multiple backup systems for our data stored on our servers or other information systems. As part of the above processes, we regularly engage with third-party cybersecurity vendors to provide a range of services in furtherance of our cybersecurity program, including monitoring our cybersecurity systems and processes to help identify areas for continued focus, improvement and compliance. In addition, we also have a process to assess and review the cybersecurity practices of third-party vendors and service providers, including through the use of contractual security requirements and performing diligence, as appropriate. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For more information, see the section in our risk factors under the heading Our internal information technology systems, or those of our vendors, collaborators or other contractors or consultants, may fail or suffer cybersecurity incidents, loss of data, and other disruptions, which could result in a material disruption of our product development programs, compromise sensitive information related to our business or prevent us from accessing critical information, potentially exposing us to liability or otherwise adversely affecting our business . which disclosures are incorporated by reference herein. Cybersecurity Governance Management Cybersecurity is an important part of our risk management processes and an area of focus for our Board of Directors and management. Our Board of Directors has delegated the oversight of cybersecurity risks to our Audit Committee, which oversees management s implementation of our cybersecurity program. Our Audit Committee receives periodic updates from management of our cybersecurity program and risks, including, as necessary, any material cybersecurity threat risks or incidents, as well as the steps management has taken to respond to such risks. Members of our Audit Committee are also encouraged to engage in conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs. The Committee reports to the full Board of Directors regarding its activities and risk management functions, including those related to cybersecurity. Our cybersecurity program, which is discussed in greater detail above, is led by our Chief Financial Officer with the help of our legal and human resources teams. Such individual has prior work experience in various roles involving managing information security and developing cybersecurity strategy and is responsible for supervising both our internal personnel and our retained third-party cybersecurity vendors. As discussed above, this management team member reports to the Audit Committee of our Board of Directors about cybersecurity related matters, periodically. Our management team is informed about and monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above. In the last three fiscal years, we have not experienced any material cybersecurity incidents. 84 Table of Contents

Company Information