Rallybio Corp 10-K Cybersecurity GRC - 2024-03-12

Page last updated on July 16, 2024

Rallybio Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 16:26:03 EDT.

Filings

10-K filed on 2024-03-12

Rallybio Corp filed a 10-K at 2024-03-12 16:26:03 EDT
Accession Number: 0001739410-24-000035

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program that is designed to identify, assess and manage material risks from cybersecurity threats and to protect the security, confidentiality, integrity, and availability of our critical systems and information. Our information security program is developed using industry standards and best practices as a guide, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The program includes penetration tests and periodic vulnerability scans, and evaluations by external service providers. The results of these evaluations are shared with senior management and the audit committee of the board of directors, where appropriate. Our cybersecurity risk management program is integrated into our overall enterprise risk management processes and shares common methodologies, reporting channels and governance processes that apply across our enterprise risk management processes to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes: - Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, product candidates and our broader enterprise IT environment. - A team principally responsible for managing: (a) our cybersecurity risk assessment processes, (b) our security controls, and (c) our response to cybersecurity incidents. - The use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls as part of our operational security model. - Threat intelligence that informs our third party IT service provider and us about new vulnerabilities and risks that require timely intervention or remediation. - Cybersecurity awareness training of our employees, incident response personnel, and senior management. - A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. As of the date of this Annual Report on Form 10-K, we have not experienced a cybersecurity incident that resulted in a material effect on our business strategy, results of operations, or financial condition, but we cannot provide assurance that we will not be materially affected in the future by such risks or any future material incidents. Governance The audit committee of our board of directors has primary responsibility for oversight of our information security program. Our cyber security program is managed by our third party IT service provider together with internal personnel. Our service provider and internal personnel work together to assess the environment, potential threats and responses.


Company Information

NameRallybio Corp
CIK0001739410
SIC DescriptionPharmaceutical Preparations
TickerRLYB - Nasdaq
Website
Category
Emerging growth company
Fiscal Year EndDecember 30