Page last updated on July 16, 2024
Candel Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 08:00:48 EDT.
Filings
10-K filed on 2024-03-28
Candel Therapeutics, Inc. filed a 10-K at 2024-03-28 08:00:48 EDT
Accession Number: 0000950170-24-037637
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity . Cybersecurity Risk Management and Strategy Candel has implemented cybersecurity risk management processes that are informed by industry standards in accordance with the scale of our business. Our cybersecurity risk management processes are designed to assess, identify and mitigate risks from current and emerging cybersecurity threats. We use various tools and processes to accomplish these objectives, including policies and procedures, risk assessments, and testing. Further, we require our employees to participate in cybersecurity risk awareness trainings and phishing exercises. Our cybersecurity risk management processes are supported by third-party service providers, including a managed services provider that assists the Company with, among other things, threat monitoring and cybersecurity incident response and escalation services. We rely on a third-party service provider to assist us with our cybersecurity practices, including for vulnerability assessments, penetration testing, and managing IT environments. Our process for onboarding new vendors with access to critical systems or data includes vendor questionnaires, contractual obligations, and if deemed appropriate, review of vendor audit reports. Our incident management processes include reporting to senior management, including the Chief Financial Officer (CFO), Vice President of Regulatory and Quality Assurance, Chief Executive Officer, and GxP Systems Director, and, where appropriate, to the board of directors. To date, we have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time-to-time experienced threats that could affect our information or systems. For more information, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K. Cybersecurity Governance The board of directors has delegated oversight of the Company’s cybersecurity risk management program to the Audit Committee, including responsibilities for reviewing and discussing cybersecurity risks, implementing risk management programs, controls and procedures, and performing high level reviews of the threat landscape. Our Senior Director, Information Technology (Senior Director, IT) is responsible for the strategic leadership and day-to-day management of our cybersecurity risk management program. The individual occupying this role has over thirty years of experience with information technology management and over five years of cybersecurity risk management. 96 Our Senior Director, IT engages in regular meetings with our third-party managed IT service provider and the Director, IT to review and assess our cybersecurity risk management processes. The Senior Director, IT reports such findings to our CFO who annually presents updates on cybersecurity risks, mitigation strategies, and, if necessary, incident response activities to our Audit Committee. Further, our Audit Committee updates the full board on matters relating to cybersecurity risk management, as necessary.
Company Information
Name | Candel Therapeutics, Inc. |
CIK | 0001841387 |
SIC Description | Biological Products, (No Diagnostic Substances) |
Ticker | CADL - Nasdaq |
Website | |
Category | Non-accelerated filer Smaller reporting company Emerging growth company |
Fiscal Year End | December 30 |