Celularity Inc 10-K Cybersecurity GRC - 2024-07-30

Page last updated on July 30, 2024

Celularity Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-30 16:26:55 EDT.

Filings

10-K filed on 2024-07-30

Celularity Inc filed a 10-K at 2024-07-30 16:26:55 EDT
Accession Number: 0000950170-24-087886

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We incorporate cybersecurity into our Enterprise Risk Management program. Our cybersecurity program incorporates cybersecurity processes, technologies, and controls designed to identify and manage potential material cyber risks including, but not limited to, operational risk, intellectual property theft, fraud, harm to employees, patients, or third parties, and violation of privacy or security-related laws or regulations. Our cybersecurity program is designed to be aligned with applicable industry standards set by the Center for Internet Security. Our cybersecurity program employs a range of tools and services, including regular network and endpoint monitoring, managed detection and response, system patching, managed security services, server and endpoint scheduled backups, awareness training and testing, periodic vulnerability assessment, penetration testing, to update our ongoing risk identification and mitigation efforts and is assessed periodically by independent third-parties. Our cybersecurity program is managed by a vice president of global security and cybersecurity who reports to our the Chief Executive Officer, or CEO, providing routine security program updates and briefings. The current vice president of global security and cybersecurity has more than 25 years of experience in cybersecurity, federal law enforcement, and cyber investigations, while possessing the required subject matter expertise, skills, experience, and industry certifications expected of an individual assigned to these duties. Our information security team, which includes the vice president of global security and cybersecurity, as well as additional professionals, is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, and processes. The vice president provides regular updates to our CEO and other members of management. Our board of directors has ultimate oversight of cybersecurity risk, which it manages as part of our Enterprise Risk Management program. The board of directors is assisted by the audit committee, which regularly reviews our cybersecurity program with management and reports to the board of directors. Cybersecurity periodically provides updates to our management on cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. Management informs the audit committee or the board of directors of risks from cybersecurity threats as necessary or advisable. For the year ended December 31, 2023, we are not aware of any material cybersecurity incidents. While we have not, as of the date of this annual report on Form 10-K, experienced a cybersecurity threat or incident resulting in a material adverse impact to our business or operations, these threats are constantly evolving, thereby increasing the difficulty of successfully defending against them or implementing adequate preventative measures. There can be no guarantee that we will not experience such an incident in the future. In addition, we seek to detect and investigate unauthorized attempts and attacks against our network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools and changes or updates to our products and services; however, we remain potentially vulnerable to known or unknown threats.

Company Information