ROCKET PHARMACEUTICALS, INC. 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 26, 2026

ROCKET PHARMACEUTICALS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 16:06:04 EST.

Filings

10-K filed on 2026-02-26

ROCKET PHARMACEUTICALS, INC. filed a 10-K at 2026-02-26 16:06:04 EST
Accession Number: 0001193125-26-076551

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company operates a robust, enterprise-wide cybersecurity risk management program that proactively identifies, assesses, and mitigates cybersecurity threats. Fully integrated into the Company's broader risk management framework, the program safeguards both our internal technology environment and our external operating ecosystem while focusing on readiness to effectively respond to emerging risks. The Company's cybersecurity risk management program is grounded in leading industry standards and best practices. We engage an independent third party to conduct an annual assessment of our program, ensuring continued rigor and alignment with evolving threats. Our global Cyber Security Operations Center (SOC) provides continuous monitoring, coordinating investigations and remediation efforts across the enterprise. To further strengthen our readiness, we are expanding our incident response capabilities through structured drills and tabletop exercises with key support teams. Our cybersecurity framework incorporates a comprehensive set of administrative, physical, procedural, and technical controls designed to safeguard the organization's systems and data. The Head of Information Technology currently serves as the Company's Chief Information Security Officer (CISO) and is accountable for the development, implementation, and oversight of the Company's cybersecurity risk management program, including regular reporting to the Board and senior management. The CISO brings more than twenty years of cybersecurity leadership experience , supported by a security organization with advanced expertise and industry-recognized credentials, including the Certified Information Systems Security Professional and Certified Information Systems Audit credential. Cybersecurity is recognized as an enterprise-wide responsibility. The Company conducts periodic management-level simulations and tabletop exercises, leveraging external experts as appropriate, to enhance organizational readiness. All employees complete mandatory annual cybersecurity training and have access to ongoing educational opportunities through digital and live programs. Employees in sensitive or technical roles receive additional, documented role-based training aligned with our quality management system. The Company fosters a security-aware culture across the workforce, recognizing that employee vigilance is essential to defending against cyber threats and strengthening our overall cybersecurity posture. The CISO oversees the continuous monitoring and evaluation of the Company's cybersecurity risk management program and regularly advises senior leadership on the prevention, detection, mitigation, and remediation of cybersecurity incidents. The cybersecurity team brings decades of global experience in selecting, deploying, and managing advanced security technologies and processes. Their work is informed by real-time threat intelligence from governmental, public, and private sources, as well as insights from external cybersecurity consultants. The Company is strengthening oversight of third-party providers through enhanced due diligence for new vendors, continuous monitoring practices, and regular engagement with vendor personnel. All third-party partners are re-evaluated at defined intervals as part of our supplier qualification program to ensure alignment with the Company's cybersecurity expectations. 64 The Audit Committee, together with the Company's General Counsel, Chief Corporate Officer and Principal Financial Officer, provides oversight of the Company's cybersecurity risk exposures and the measures management implements to monitor and mitigate those risks. The cybersecurity team informs the Audit Committee and senior management on the performance and effectiveness of the Company's cyber risk management program, typically on a quarterly basis. In addition, the Board of Directors reviews cybersecurity risks at least annually as part of the Company's broader corporate risk mapping process. To date, the Company has not experienced any material cybersecurity incidents, and, to the best of our knowledge, no cybersecurity event has had a material impact on our business strategy, operating results, or financial condition. We continue to invest in advanced cybersecurity capabilities, infrastructure resilience, and strengthen internal controls to protect our systems, data, and information assets. For further discussion of risks related to cybersecurity threats, see "Risk Factors."

Company Information