ORGANOVO HOLDINGS, INC. 10-K Cybersecurity GRC - 2024-05-31

Page last updated on July 16, 2024

ORGANOVO HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-31 16:05:33 EDT.

Filings

10-K filed on 2024-05-31

ORGANOVO HOLDINGS, INC. filed a 10-K at 2024-05-31 16:05:33 EDT
Accession Number: 0000950170-24-067301

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We believe cybersecurity is critical to advancing our technological advancements. As a clinical stage biotechnology company, we face a multitude of cybersecurity threats that include attacks common in most industries, such as ransomware and denial-of service. Our customers, suppliers, subcontractors, and business partners face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance, and results of operations. These cybersecurity threats and related risks make it imperative that we expend resources on cybersecurity. Assessing, identifying, and managing cybersecurity related risks are factored into our overall business approach. We have implemented a governance structure and processes to assess, identify, manage, and report cybersecurity risks and have developed our own practices and framework, which we believe enhance our ability to identify and manage cybersecurity risks. Our Audit Committee oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. The IT Risk Committee and our cybersecurity consultant, which has extensive information technology and program management experience, regularly brief the Audit Committee on our cybersecurity and information security posture and the Audit Committee is apprised of any cybersecurity incidents deemed to have a moderate or higher business impact, even if immaterial to us. The Audit Committee retains oversight of cybersecurity because of its importance. In the event of any incident, we intend to follow our detailed incident response playbook, which outlines the steps to be followed from incident detection to mitigation, recovery, and notification, including notifying functional areas (e.g., legal), as well as senior leadership and the Audit Committee, as appropriate. As a clinical stage biotechnology company, we must also comply with extensive regulations, including requirements imposed by the U.S. Food and Drug Administration related to adequately safeguarding patient information. We work with our cybersecurity consultant on assessing cybersecurity risk and on policies and practices aimed at mitigating these risks. We believe we are positioned to meet SEC disclosure requirements. Third parties also play a role in our cybersecurity. We engage third-party services to conduct evaluations of our security controls, whether through penetration testing, independent audits, or consulting on best practices to address new challenges. We rely heavily on our supply chain to deliver our products and services, and a cybersecurity incident at a supplier, subcontractor or business partner could materially adversely impact us. We will require that our subcontractors report cybersecurity incidents to us so that we can assess the impact of the incident on us. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. See “Risk Factors” for a discussion of cybersecurity risks, including, without limitation, the risk factor under the heading " We may be subject to security breaches or other cybersecurity incidents that could compromise our information and expose us to liability “. Except as set forth therein, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition.

Company Information