Carisma Therapeutics Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Carisma Therapeutics Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 08:47:14 EDT.

Filings

10-K filed on 2024-04-01

Carisma Therapeutics Inc. filed an 10-K at 2024-04-01 08:47:14 EDT
Accession Number: 0001485003-24-000005

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have established processes for assessing, identifying and managing cybersecurity risks, which are built into our overall risk management program and are designed to help protect our information assets and operations from internal and external cyber threats, protect employee and patient information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards. We engage certain third parties to enhance and assist with our cybersecurity oversight, including a 24/7 Security Operation Center, or SOC, that monitors network devices and computer systems in real time. We include confidentiality and data protection provisions in certain contracts with third-party service providers to help protect us and our patients from any related vulnerabilities. We do not believe that there are currently any known risks from cybersecurity threats that have or are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents. For more information on the most pertinent risks we may experience from cybersecurity threats, please refer to Part I, Item 1A, Risk Factors Our internal computer systems, or those of our collaborators, vendors, suppliers, contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our product development programs . Cybersecurity Governance and Oversight The audit committee of our board of directors provides oversight over cybersecurity risk and updates the full board of directors periodically regarding such oversight. The audit committee reviews and discusses with management the Company s major risk exposures, including cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents, if any. Our General Counsel leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. The consultant that operates our SOC updates the General Counsel regarding the detection of cybersecurity risk exposure and provides advice on the prevention, mitigation and remediation of such risks. The General Counsel keeps the senior executive leadership team apprised, including our Chief Executive Officer and Chief Financial Officer, on assessments of risk exposure to ensure that the highest levels of management are kept abreast of potential risks we are facing. The General Counsel has significant prior business experience in compliance and risk management and coordinates directly with the third party who operates our SOC on issues involving particular cybersecurity expertise. In an effort to help deter and detect cyber threats, we regularly provide all employees, including part-time and temporary employees, with data protection cybersecurity and incident prevention training throughout the year, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educates employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.

Company Information