Sensei Biotherapeutics, Inc. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on July 16, 2024

Sensei Biotherapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:30:47 EST.

Filings

10-K filed on 2024-02-29

Sensei Biotherapeutics, Inc. filed a 10-K at 2024-02-29 16:30:47 EST
Accession Number: 0000950170-24-023148

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including clinical trial data, intellectual property, confidential information that is proprietary, strategic, financial or competitive in nature, and personal data. Depending on the environment and system, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats, including, for example, periodic cybersecurity testing and cybersecurity awareness training for employees. We retain a third-party technology solutions firm (IT Firm) to help identify, assess and manage the Company’s cybersecurity threats and risks. The IT Firm reports to an employee in our finance and operations department, who functions as our IT lead (IT Lead) and who works with our management team, including our Chief Financial Officer (CFO). Our IT Firm identifies and, in conjunction with our IT Lead, helps assess risks from cybersecurity threats by monitoring and evaluating our threat environment and risk profile using various methods and tools. We use third-party service providers, including cybersecurity consultants, to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example, to conduct risk assessments and identify potential risks. We use third-party service providers to perform a variety of functions throughout our business, including manufacturing our product candidates and assisting with R&D and clinical activities. Depending on the nature of the services provided, the sensitivity of the systems and data at issue, and the identity of the provider, our vendor contracting processes may include imposing certain contractual provisions related to privacy and cybersecurity. 69 We have integrated our assessment and management of material risks from cybersecurity threats into our overall risk management systems and processes. For example, the results of such third-party cybersecurity assessments are shared with our senior management and the board’s audit committee for review, both of which evaluate our overall enterprise risk. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including the risk entitled " Our computer systems or data, or those of our collaborators or other contractors or consultants, maybe compromised, which could result in adverse consequences, including but not limited to regulatory investigations or actions; litigation; fines and penalties; significant disruption of our product development programs and our ability to operate our business effectively; reputational harm; and other adverse consequences ." Governance Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The board of directors’ audit committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. Our IT Lead is responsible for engaging and overseeing our IT Firm. In consultation with our IT Firm, our IT Lead, Chief Financial Officer and General Counsel integrate cybersecurity risk considerations into the Company’s overall risk management strategy, communicate key priorities to relevant personnel, help prepare for cybersecurity incidents, approve cybersecurity processes, and review security assessments and other security-related reports. Our cybersecurity incident response policy is designed to escalate certain cybersecurity incidents to our Cybersecurity Incident Management Team, which consists of a representative from our IT Firm, IT Lead, Chief Financial Officer and General Counsel. In addition, our incident response policy includes reporting to our disclosure committee and audit committee of the board of directors for certain cybersecurity incidents. Our audit committee receives periodic reports from our IT Lead concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them. The audit committee also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.


Company Information

NameSensei Biotherapeutics, Inc.
CIK0001829802
SIC DescriptionPharmaceutical Preparations
TickerSNSE - Nasdaq
Website
Category
Emerging growth company
Fiscal Year EndDecember 30