Jade Biosciences, Inc. 10-K Cybersecurity GRC - 2026-03-06

Page last updated on March 6, 2026

Jade Biosciences, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-06 16:15:25 EST.

Filings

10-K filed on 2026-03-06

Jade Biosciences, Inc. filed a 10-K at 2026-03-06 16:15:25 EST
Accession Number: 0001193125-26-096550

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity . Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity program aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and is consistently updated as NIST recommendations change year over year. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use NIST as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our assessment and management of material risks from cybersecurity threats are integrated into the Company's overall risk management process. Cybersecurity risks are identified by monitoring and evaluating our threat environment, and then assessed by various methods, for example, by manual and automated tools designed to identify and combat cybersecurity threats. Other methods may include analyzing reports of threats, conducting scans and assessments of the threat environment and identifying vulnerabilities, and the use of detection and response services and conducting reviews of third-party service providers, among other things . Depending on the threat environment, we implement and maintain various technical, physical, organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our information systems and data. For example, we implement physical security, access controls, asset management, systems monitoring, incident detection and response, the implementation of security standards, encryption of data, network security controls, and a recovery/business continuity plan, among other mitigation tactics. Our recovery/business continuity plan is designed to mitigate and remediate identified cybersecurity incidents and escalate certain incidents as appropriate to management and the Audit Committee. In sum, key elements of our cybersecurity risk management program include but are not limited to the following: - risk assessments designed to help identify material risks from cybersecurity threats to our critical systems and information; - an internal team responsible for, inter alia, managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; - a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; - the use of third-party information technology service providers who have implemented and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our information technology systems , including critical computer networks, third party hosted services, communications systems, hardware and software, and our data residing on these systems; - cybersecurity awareness training of our employees, including incident response personnel and senior management; and - a risk management evaluation process for key service providers based on our assessment of their criticality to our operations and respective risk profile, suppliers, and vendors with access to our information systems or data. In the last fiscal year, we have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents that have materially affected us, including our operations, business strategy, results of operations, or financial condition. However, we face certain ongoing cybersecurity risks or threats that, if realized, are reasonably likely to materially affect us. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our "Risk Factors" under Part 1 Item 1A. Risk Factors, in this Annual Report on Form 10-K. Cybersecurity Governance The Board of Directors, as a whole and at the committee level, considers cybersecurity risk as part of its risk oversight function. The Audit Committee has been designated by our Board to oversee cybersecurity risks, including oversight of management's implementation of our cybersecurity risk management program . In addition, management is required to update the 82 Audit Committee, where it deems appropriate, regarding any cybersecurity incidents it considers to be significant or potentially significant. The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our management team. The Board also receives updates from management and the Audit Committee on cybersecurity risks on a regular basis. Our Vice President of Information Technology, together with our senior management, is responsible for assessing and managing cybersecurity risks , managing our cybersecurity programs and evaluating material cybersecurity threats to our overall business. Our Chief Financial Officer has over six years of experience overseeing IT and cybersecurity. Our Vice President of Information Technology has over 25 years of experience leading IT organizations, including a decade overseeing cybersecurity programs . Our management team takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, including through briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our information technology environment .

Company Information