YIELD10 BIOSCIENCE, INC. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

YIELD10 BIOSCIENCE, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:10:23 EDT.

Filings

10-K filed on 2024-04-01

YIELD10 BIOSCIENCE, INC. filed an 10-K at 2024-04-01 16:10:23 EDT
Accession Number: 0001121702-24-000021

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Information technology is important to our business operations, and we are committed to protecting the privacy, security and integrity of the data we use in our business, as well as our employee and research data. The Company has a comprehensive cybersecurity program in place for assessing, identifying and managing cybersecurity risks that is designed to protect its systems and data from unauthorized access, use or other security impact. Through our third-party IT Service Team (“IT Service Team”), we continuously monitor and update our information technology networks and infrastructure to prevent, detect, address and mitigate risks associated with unauthorized access, misuse, computer viruses and other events that could have a security impact. Our IT Service Team invests in industry standard security technology to protect the Company s data and business processes against risk of cybersecurity incidents. Our data security management program includes identity, trust, vulnerability and threat management business processes, as well as adoption of standard data protection policies. 35 T able of Contents In terms of governance and oversight, the following is in place to enhance transparency and accountability in cybersecurity management: Responsibility Assignment The Company’s Vice President - Planning and Communications (VP P&C)) assumes an oversight role in overseeing the cybersecurity risk management program. The VP P&C collaborates with the Company’s leadership team and IT Service Team on the matters of cybersecurity across the Company. Cybersecurity risks fall within the purview of the Company’s Audit Committee and, ultimately, the Board of Directors. Regular oversight and reviews occur at established intervals. The Audit Committee engages in discussions with the COO and Company management at least once a year, covering various aspects of cybersecurity risk management, including recent developments, evolving standards, vulnerability assessments, and the threat environment. We measure our data security effectiveness by benchmarking against industry-accepted methods and we work to remediate any significant findings. We maintain and routinely test backup systems and disaster recovery and also have processes in place to prevent disruptions resulting from our implementation of new software and systems. Our IT Services Team has a comprehensive incident response plan to address cybersecurity incidents. Our incident response plan includes procedures for identifying, containing and responding to cybersecurity incidents and is subject to regular review and assessment to ensure that it is effective in protecting our information technology. To date, we believe that our cybersecurity program has been effective in protecting the confidentiality, integrity, and availability of the Company’s information. We cannot guarantee that our cybersecurity program will be successful in preventing all cybersecurity incidents. We currently maintain a cyber insurance policy that provides coverage against losses due to cybersecurity events, however, such insurance may not be sufficient in type or amount to cover us against all claims related to security breaches, cyber-attacks and other related breaches. We engage external consultants and computer security firms to enhance our cybersecurity oversight. Included within our cybersecurity program is the use of computer security firms to provide annual training to our employees to help them identify and report cybersecurity threats. While we are regularly subject to cybersecurity attacks, ransomware and other security breaches, we have not experienced any material cybersecurity incidents for the year ended December 31, 2023. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition.

Company Information