Tevogen Bio Holdings Inc. 10-K Cybersecurity GRC - 2024-04-26

Page last updated on April 29, 2024

Tevogen Bio Holdings Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-26 21:21:58 EDT.

Filings

10-K filed on 2024-04-26

Tevogen Bio Holdings Inc. filed an 10-K at 2024-04-26 21:21:58 EDT
Accession Number: 0001493152-24-016796

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Program The security and availability of our information systems and the protection of the information we collect, create, process, and store are important to our business. We have implemented a cybersecurity program that is designed to support both the effectiveness of our systems and our preparedness for information security risks. This program includes a number of safeguards, such as: multi-factor authentication monitoring internal and cloud-based systems for threats email filters cybersecurity awareness training limitation on the use of third-party devices conditional access rules and regular evaluations of our cybersecurity program. We use a risk-based approach with respect to our use and oversight of third-party service providers and vendors, tailoring processes according to the nature and sensitivity of the data accessed, processed, or stored by such third-party service provider. We use numerous means to assess cyber risks related to our third-party service providers, including for example use of a managed security service provider ( MSSP ) that monitors cybersecurity events for our cloud systems. We also seek to include appropriate security terms in our contracts where applicable as part of our oversight of third-party service providers. Governance Management Oversight The controls and processes employed to assess, identify , and manage material risks from cybersecurity threats are implemented and overseen by our Chief Information Officer ( CIO ). Our CIO has more than 20 years of information technology experience, including seven years specializing in cybersecurity. Our CIO is responsible for assessing the impact of cybersecurity threats and incidents, assessing whether and to what extent they can be contained and mitigated, containing and mitigating them, remediating incidents, and performing post-incident analysis and program enhancements. In the event of a significant cybersecurity incident, our CIO would engage senior management to inform them of the incident and related threats and response. We would also likely engage a third-party incident response vendor to assist us in the event of a significant cybersecurity incident. Our Chief Executive Officer directly oversees our CIO and regularly receives information on cybersecurity risks from our CIO as they arise. Our CIO, in turn, is informed about risks from cybersecurity threats through dashboards, email alerts, reporting from the MSSP, and regular review of our systems and information technology environment. Board Oversight While the Board has overall responsibility for risk oversight, the Board delegated to the audit committee the responsibility for assisting the Board with oversight and monitoring of matters relating to our risk assessment, risk management, and risk mitigation policies and programs, including matters related to privacy, information technology , and cybersecurity, and for reviewing and discussing with management our risk exposures related to these matters. In its oversight role, the Board is expected to specifically consider risks that relate to our reputation and the general industry in which we operate, including with respect to privacy, information technology and cybersecurity , and threats to technology infrastructure. Our CIO is expected to report to and brief the Board and the audit committee on cybersecurity matters, including key risks, the potential impact of those exposures on our business, financial results, operations, and reputation, as well as the programs and steps implemented by management to monitor and mitigate risks. The reporting cadence and structure continues to develop, including as following the Business Combination we are a newly public company with a newly established audit committee. Cybersecurity Risks Our cybersecurity risk management processes are integrated into our overall approach to risk management. Given the nature and size of our Company, we do not have a dedicated enterprise risk function, but our executives regularly consider and evaluate risks to our Company. As part of that risk management process, members of our executive team identify, assess , and evaluate risks impacting our operations, including those risks related to cybersecurity, and raise them for discussion with other executives, and where it is determined to be appropriate, issues are also raised to the Board for consideration. 77 As of the date of this Annual Report, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected our business strategy, results of operations , or financial condition or are reasonably likely to have such a material effect. While we have implemented a cybersecurity program, the techniques used to infiltrate information technology systems continue to evolve. Accordingly, we may not be able to timely detect threats or anticipate and implement security measures adequate to prevent cybersecurity incidents or fully mitigate their impact. For additional information regarding risks relating to privacy and cybersecurity, see Item 1A Risk Factors .

Company Information