Page last updated on July 16, 2024
Summit Therapeutics Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-20 07:32:56 EST.
Filings
10-K filed on 2024-02-20
Summit Therapeutics Inc. filed a 10-K at 2024-02-20 07:32:56 EST
Accession Number: 0001599298-24-000031
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. We use recognized commercially reasonable measures, tools and methodologies to manage cybersecurity risk that are tested on a regular cadence. We also monitor and evaluate our cybersecurity posture on an ongoing basis through regular vulnerability scans, penetration tests and third party reviews. We rely on industry leading third party service providers to provide the systems required to effectively run our clinical trials and require these third-party service providers with access to personal, confidential or proprietary information to implement and maintain cybersecurity practices. Specific controls that are used to some extent include endpoint threat detection and response (EDR), identity and access management (IAM), privileged access management (PAM), logging and monitoring involving the use of security information and event management (SIEM), multi-factor authentication (MFA), firewalls and intrusion detection and prevention, and vulnerability and patch management. To manage our material risks from cybersecurity threats and to protect against, detect, and prepare to respond to cybersecurity incidents, we undertake the below listed activities: - Monitor emerging data protection laws and implement changes to our processes to comply; - Conduct annual cybersecurity management and incident training for employees involved in our systems and processes that handle sensitive data; - Conduct on boarding and cyber security training for all employees on an ongoing basis; - Conduct regular phishing email simulations for all employees; and - Carry cybersecurity risk insurance that provides protection against the potential losses arising from a cybersecurity incident. Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to prepare to respond and recover from cybersecurity incidents, which include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. We have business continuity plans that we continuously review and update in line with our evolving applications architecture. Our Board of Directors provides oversight to our Cybersecurity efforts to ensure effective governance in managing risks associated with cybersecurity threats. Our Head of Information Technology, provides periodic updates to the Board of Directors regarding our cybersecurity program, including information about cyber risk management governance and status updates on various projects intended to enhance the overall cybersecurity posture of the Company. We describe whether and how risks from cybersecurity threats have or that are reasonably likely to affect our financial position, results of operations and cash flows, under the heading “Information technology failures and cybersecurity breaches could harm our business” included as part of our Item 1A. Risk Factors of this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.
Company Information
Name | Summit Therapeutics Inc. |
CIK | 0001599298 |
SIC Description | Pharmaceutical Preparations |
Ticker | SMMT - Nasdaq |
Website | |
Category | Non-accelerated filer Smaller reporting company |
Fiscal Year End | December 30 |