Esperion Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-02-27

Page last updated on July 16, 2024

Esperion Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 09:19:19 EST.

Filings

10-K filed on 2024-02-27

Esperion Therapeutics, Inc. filed a 10-K at 2024-02-27 09:19:19 EST
Accession Number: 0001628280-24-007066

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cyber Risk Management and Strategy We, under the oversight of the audit committee of our board of directors, have implemented and maintain a cybersecurity framework, informed by the Center of Internet Security, or CIS, cybersecurity framework. This includes policies, processes and technologies designed to minimize risks from cybersecurity threats . We maintain oversight of our third-party vendors with access to our information technology resources through the inclusion of contractual security requirements as appropriate. Our cybersecurity approach is designed to minimize risks from cybersecurity threats identified by internal stakeholders, threat intelligence providers, vulnerability management programs, and security management programs. Our internal team manages and maintains remediation strategies for identified risks, and reports on them periodically to senior leadership. As appropriate, we assess our internal controls, including controls around our information technology systems and their impact on our financial statements or systems, through either independent audits or internal assessments with the assistance of third party resources. Governance Related to Cybersecurity Risks Our cybersecurity program and related operations and processes are directed by our Executive Director of Information Technology, whom we refer to as the IT Director. Currently, the IT Director role is held by an individual who has over 15 years of cybersecurity, information technology, and systems engineering experience. The Director of IT reports to our management - currently the Chief Business Officer. The IT Director meets with the Chief Financial Officer, the Chief Compliance Officer, and the General Counsel periodically to monitor and review the outcomes of our cybersecurity program and to discuss and decide matters related to cybersecurity treatment strategy (including mitigations). The IT Director and the Chief Financial Officer provide periodic reports to the audit committee on cybersecurity risk management, and, quarterly, the Chief Financial Officer updates the audit committee of any material changes in the Company’s cybersecurity framework or cybersecurity activity. The audit committee is responsible for reviewing and overseeing our risk management process, including risks from cybersecurity threats, pursuant to the audit committee charter. Our board of directors, as a whole and through its committees, has responsibility for the oversight of risk management. In its risk oversight role, our board of directors has the responsibility to confirm that the risk management processes designed and implemented by management are appropriate and functioning as designed.


Company Information

NameEsperion Therapeutics, Inc.
CIK0001434868
SIC DescriptionPharmaceutical Preparations
TickerESPR - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30