Sight Sciences, Inc. 10-K Cybersecurity GRC - 2024-03-12

Page last updated on July 16, 2024

Sight Sciences, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 19:32:36 EDT.

Filings

10-K filed on 2024-03-12

Sight Sciences, Inc. filed a 10-K at 2024-03-12 19:32:36 EDT
Accession Number: 0000950170-24-030278

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the critical importance of protecting our information technology (“IT”) systems and the data of our employees, customers, and partners. We have an enterprise-wide cybersecurity program designed to identify, detect, investigate, protect, and respond to cybersecurity risks. The Nominating and Corporate Governance Committee of the Board of Directors oversees our cybersecurity programs and cybersecurity team, which are led by our Vice President of Information Technology. At least semi-annual reviews are presented by the Vice President of Information Technology to the Nominating and Corporate Governance Committee demonstrating the cybersecurity practices and controls, mitigation activities, current threat levels, emerging cybersecurity threats, training initiatives, breaches, and results from any penetration testing. In addition, cybersecurity risk management is part of the enterprise risk management program and is reviewed by the Audit Committee at least annually. We have developed an information security policy ensuring that our cybersecurity objectives are established and compatible with our strategic direction. The goal of this policy is to protect our informational assets against reasonably foreseeable internal, external, and accidental threats. Identifying and assessing cybersecurity risk is integrated into our overall risk management processes. Cybersecurity risks related to our business, operations, privacy, and compliance are identified and managed through third party assessments, internal IT audits, governance, risk and compliance reviews. Our policies and approach to cybersecurity include several key elements: - Continuous Monitoring and Defense: We work to protect our environments and products from threats through multi-layered defenses. We utilize data analytics to detect anomalies and search for cyber threats. Our Security Operations Center provides comprehensive, around the clock, cyber threat detection and response capabilities. - Third-Party Software Risk Assessment: We complete security audits on all third-party platforms prior to selection. - Incident Response Plan: Our Incident Response Plan includes the investigation steps and notifications required on all actual and suspected information security incidences - Cybersecurity Training Programs: Our training program is multi-faceted and focused on awareness of new techniques that threat actors utilize both in the corporate environment, as well as their personal lives. Employees undergo regular training on information security best practices, including interactive training to confirm understanding and test employee skills. - Compliance Policy: Mandatory compliance with all cybersecurity programs, including applicable legislative and regulatory requirements. - Third-Party Cybersecurity Plan Assessment: We regularly engage with cybersecurity professionals in reviewing our cybersecurity plan.


Company Information

NameSight Sciences, Inc.
CIK0001531177
SIC DescriptionSurgical & Medical Instruments & Apparatus
TickerSGHT - Nasdaq
Website
Category
Emerging growth company
Fiscal Year EndDecember 30