GeneDx Holdings Corp. 10-K Cybersecurity GRC - 2025-02-20

Page last updated on February 20, 2025

GeneDx Holdings Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-20 07:59:24 EST.

Filings

10-K filed on 2025-02-20

GeneDx Holdings Corp. filed a 10-K at 2025-02-20 07:59:24 EST
Accession Number: 0001818331-25-000021

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company is committed to maintaining the trust and confidence of our customers, healthcare providers, clients, business partners and employees through a cybersecurity program focused on protecting the confidentiality, security and availability of the information that we collect and store. We actively identify prevent, detect and mitigate cybersecurity threats and are positioned to effectively respond to cybersecurity incidents. Key components of our cybersecurity program include: Governance: Our board of directors, in coordination with its audit committee, oversees the risks arising from cybersecurity threats, which are embedded in our enterprise risk management (“ERM”) approach. The Board’s audit committee receives regular reports on cybersecurity risks from our Head of Information Security, with prompt escalation of any incident that could materially affect core company operations to the Board. Further, our Head of Information Security works collaboratively across the company to implement and enhance our cybersecurity program. Through ongoing interactions with these teams, our Head of Information 52 Table of Co ntents Security monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time. Our Head of Information Security has served in various roles in information technology and information security for over 15 years and holds an undergraduate degree in Management Information System and a graduate degree in Human Resource Management and has attained multiple professional information security certification. Incident Response Planning: We have established protocols to detect, respond to and recover from cybersecurity incidents promptly. Technical Safeguards: We deploy commercially reasonable technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence. In addition, we maintain a risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. Employee Education and Awareness: We provide regular mandatory training for employees regarding cybersecurity threats to equip them with effective tools to address cybersecurity threats and to communicate our evolving information security policies, standards, processes and practices. Continuous Monitoring : We engage in the routine, periodic assessment and testing of our standards, policies, processes and practices that are designed to address cybersecurity threats and incidents. These efforts include a wide range of activities, including audits, assessments and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. We regularly engage third parties to perform assessments on our cybersecurity measures, including assessments, audits and independent reviews of our information security control environment and operating effectiveness. The results of such exercises are reported to our audit committee, and we adjust our cybersecurity policies, standards, processes and practices as necessary. Artificial Intelligence Artificial intelligence (“AI”) has the potential to transform various work sectors significantly. We continue to enhance and broaden our offerings with AI technologies, and we are exploring potential third-party partnerships to help us offer more robust solutions for providers and patients. For example, we currently deploy a phenotype-driven algorithm that uses machine learning and is used to help identify genes to that may cause disease. While we are dedicated to actualizing AI’s potential in our offerings, we are equally committed to ensuring the security of patient data in line with data privacy laws through the Company’s AI Guidelines. Cybersecurity Threats Risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected, and we believe that such risks are not reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. For more information on our cybersecurity risks, see “Risk Factors -Risks Related to Cybersecurity, Privacy and Information Technology “.

Company Information