MEI Pharma, Inc. 10-K Cybersecurity GRC - 2024-09-19

Page last updated on September 19, 2024

MEI Pharma, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-19 17:20:19 EDT.

Filings

10-K filed on 2024-09-19

MEI Pharma, Inc. filed a 10-K at 2024-09-19 17:20:19 EDT
Accession Number: 0000950170-24-108185

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the importance cybersecurity has to the success of our business, as well as recognize the need to continually assess cybersecurity risks and evolve our responses in the face of a rapidly and ever-changing environment. Accordingly, we aim to protect our business operations, records and information against known and evolving cybersecurity threats. Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing within these systems. We conduct periodic risk assessments to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we re-design, implement, and maintain reasonable safeguards to minimize identified risks, reasonably address any identified gaps in existing safeguards, and regularly monitor the effectiveness of our safeguards. Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with the Vice President of Information Technology who reports to our Acting Chief Executive Officer, Chief Financial Officer to manage the risk assessment and mitigation process. As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards, in collaboration with our Information Technology department. Personnel at all levels and departments are made aware of our cybersecurity policies through trainings and internal communications. If required, we engage consultants, or other third parties in connection with our risk assessment processes. These service providers, where appropriate, assist us in the assessment, testing or other aspects of our security controls to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment, as well as assist us in designing and implementing our cybersecurity policies and procedures. We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K. Cybersecurity Governance Our Board considers cybersecurity risk as part of its risk oversight function and has delegated oversight of cybersecurity and other information technology risks to the Audit Committee. The Audit Committee oversees management’s implementation of our cybersecurity risk management program and is responsible for monitoring and assessing strategic risk exposure, while our management team is responsible for the day-to-day operations over the material risks we face. Our management team, including our Acting Chief Executive Officer, Chief Financial Officer and Vice President of Information Technology, provide periodic briefings to the Audit Committee regarding our cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, if applicable. The Audit Committee receives annual reports from management on our cybersecurity risks. In addition, management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from management on our cyber risk management program, in the discretion of the Board and management. Board members may receive presentations on cybersecurity topics from external experts as part of the Board’s continuing education on topics that impact public companies. Our Acting Chief Executive Officer, CFO and Vice President of Information Technology, are responsible for assessing and managing our material risks from cybersecurity threats and have decades of experience in overseeing operations, including information technology functions, in the public company environment. The team has primary responsibility for our overall cybersecurity risk management program and supervises our retained external cybersecurity consultants as needed. Our management team supervises cybersecurity risk management efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from external consultants engaged by us; threat intelligence and other information obtained from governmental, public or private sources; and alerts and reports produced by security tools deployed in the IT environment. The cybersecurity risk management program also includes tools and activities to prevent, detect, and analyze current and emerging cybersecurity threats, and plans and strategies to address threats and incidents.

Company Information