REPLIGEN CORP 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 26, 2026

REPLIGEN CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 16:03:42 EST.

Company Summary

Repligen is a biopharmaceutical company developing consumable products for the manufacture of biological drugs.

Filings

10-K filed on 2026-02-26

REPLIGEN CORP filed a 10-K at 2026-02-26 16:03:42 EST
Accession Number: 0001193125-26-076528

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Governance Related to Cybersecurity Risks Our Board of Directors (the "Board") holds overall oversight responsibility for the Company's strategy and risk management, including in relation to cybersecurity risks. Our Board exercises its oversight function through the Audit Committee, which oversees the management of risk exposure across various areas, including data security risks, in accordance with its charter. The Audit Committee receives quarterly reports from our Chief Information Officer ("CIO") on the status of the Company's cybersecurity program, including measures implemented to monitor and address cybersecurity risks and threats, as appropriate. The Company has an enterprise risk management committee ("ERMC") that is composed of senior management, including the CIO and other senior executives. The ERMC monitors and oversees risk areas that could have a high impact on the business, and cybersecurity is currently one of the ERMC's priority focus areas. The ERMC reports on our top identified risks and steps to address those risks to the full Board on a semi-annual basis. At the management level, our Senior Director of Cyber Security and IT Risk Management is primarily responsible for leading our cybersecurity strategy for assessing and managing material risks from cybersecurity threats. He has over 20 years of cybersecurity experience across a wide array of industries, specializing in enterprise security strategy, regulatory compliance and building high-performing cyber programs that support global business operations. Our Senior Director of Cyber Security and IT Risk Management reports directly to our CIO, who is a member of our leadership team and r eports to our Chief Financial Officer. Our current CIO has over 29 years of global IT leadership experiences across diverse industries and has spent the last 15 years in the Life Sciences and Health Care sectors. He is responsible for driving the organizations technology strategy, driving innovation, optimizing IT operations, protecting the company's assets, and optimizing business productivity. He is accountable for setting the directional security strategy and continuous improvement plans. He brings a wealth of experience leading and partnering with legal, compliance and audit teams, and leading cybersecurity and enterprise risk management teams. We also work with a managed security service provider to monitor for vulnerabilities and threats. The service provider has the authority to take remedial actions for critical and high vulnerabilities, which are reported to the Cyber Security and Risk Management Team, and where appropriate, to the CIO and other members of senior management. We engage employees in our cybersecurity efforts through quarterly mandatory security and awareness training as well as monthly simulated phishing campaigns. We also conduct specific training and tabletop exercises for key personnel involved in cybersecurity risk management. Cybersecurity Risk Management and Strategy We maintain a cybersecurity program, which is informed by industry standards, that includes processes for identification, assessment, and management of cybersecurity risks and which is integrated into our larger enterprise-wide risk management program. We conduct periodic risk assessments, including support from external vendors, to assess our cyber program, identify areas of enhancement, and develop strategies for the mitigation of cyber risks. We also conduct regular security penetration testing and have established a vulnerability management process supported by security testing, to treat identified security risks based on severity. Third parties that access, process, collect, share, create, store, transmit or destroy our information or have access to our systems may have additional contractual controls. Our Cyber Security and Risk Management Team is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks through various means, including leveraging managed security service providers and other third-party security software and technology services. In addition, we institute processes and technologies for the monitoring of security alerts from internal parties and external resources, including from information security research sources. We also have implemented processes and technologies for network monitoring and data loss prevention. We do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected us, our business strategy, results of operations or financial condition. There is no guarantee that future incidents will not have a material impact on our business strategy, results of operations, or financial condition in the future. Refer to Part I, Item 1A, " Risk Factors ," included in this Annual Report on Form 10-K for more information.

Company Information