Aerovate Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-25

Page last updated on July 16, 2024

Aerovate Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-25 16:15:50 EDT.

Filings

10-K filed on 2024-03-25

Aerovate Therapeutics, Inc. filed a 10-K at 2024-03-25 16:15:50 EDT
Accession Number: 0001798749-24-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cyber Risk Management and Strategy We rely on information technology systems that we or our third-party providers operate to process, transmit and store electronic information in our day-to-day operations. To help protect against risks from cybersecurity threats to these systems, we have implemented cybersecurity processes in accordance with our risk profile and business that are informed by a recognized cybersecurity industry standard. Our cybersecurity risk management process includes a number of components implemented by internal and external resources, including security monitoring tools, penetration tests and vulnerability assessments, and employee cybersecurity awareness training. We also engage the services of external partners who provide information security services to help maintain our hardware and software, assist with security monitoring on our devices, and help us draft and implement appropriate information security policies. As part of our cybersecurity risk management process, we take a risk-based approach to the evaluation of third-party vendors based on the criticality and size of the vendor. This process includes a review by our external partners, as appropriate. Governance Related to Cybersecurity Risks Our President meets regularly with representatives from our external partners to, as applicable, review aspects of the Company’s cybersecurity processes or evaluate risks from cybersecurity threats. Management, including our President and Chief Financial Officer, reports to the Audit Committee on our major cybersecurity risk exposures, their potential impact on us, and the steps we take to manage them. The Audit Committee considers the Company’s cybersecurity risk exposures and the steps that the Company’s management has taken to monitor and control such exposures in connection with the Audit Committee’s discussion of the Company’s risk assessment and management guidelines. The Audit Committee reviews and discusses, at least annually, the Company’s cybersecurity risks, including the Company’s information security and risk management programs, controls and procedures, as well as high level review of the threat landscape facing the Company and the Company’s strategy to mitigate cybersecurity risks and potential security incidents. The Audit Committee also reviews the recovery and communication plans for any unplanned outage or security incident. The Audit Committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents. The Audit Committee provides updates to the board of directors regarding such oversight.


Company Information

NameAerovate Therapeutics, Inc.
CIK0001798749
SIC DescriptionPharmaceutical Preparations
TickerAVTE - Nasdaq
Website
Category
Emerging growth company
Fiscal Year EndDecember 30