Aileron Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-04-15

Page last updated on April 15, 2024

Aileron Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-15 17:21:50 EDT.

Filings

10-K filed on 2024-04-15

Aileron Therapeutics, Inc. filed an 10-K at 2024-04-15 17:21:50 EDT
Accession Number: 0000950170-24-044508

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybe rsecurity Risk Management and Strategy We are a clinical stage biopharmaceutical company, with no commercial operations or revenue streams and our sole business activity has been ongoing research into our drug therapies. We assess material risks from cybersecurity threats on an ongoing basis, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. As our company grows, we plan to expand our strategy for cybersecurity in alignment with nationally accepted standards. We have not encountered cybersecurity risks that have materially affected or are reasonably likely to materially affect us or our business strategy. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, Risk Factors, in this Annual Report on Form 10-K. Governance Our management and board of directors recognize the critical importance of maintaining the trust and confidence of our business partners and employees, including the importance of managing cybersecurity risks as part of our larger risk management program. While all of our personnel play a part in managing cybersecurity risks, one of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and 93 our executive officers are responsible for the day-to-day management of the material risks that we face. Our Audit Committee, comprised of members with substantial experience in information technology governance and risk management, oversees our cybersecurity strategy. They are advised by a virtual CISO consultant with Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP certifications, as well as extensive background in IT infrastructure, risk mitigation, and incident response planning. In general, we seek to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

Company Information