C4 Therapeutics, Inc. 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

C4 Therapeutics, Inc. reported its cybersecurity risk management and governance process in an annual 10-K filed on 2025-02-27 07:15:57 EST.

Filings

10-K filed on 2025-02-27

C4 Therapeutics, Inc. filed a 10-K at 2025-02-27 07:15:57 EST
Accession Number: 0001628280-25-008433


Item 1C. Cybersecurity.

Cyber Risk Management and Strategy

We have implemented and maintain an ongoing cybersecurity risk management program, under the oversight of the audit committee of the board of directors, that is focused on identifying, assessing and mitigating cyber risk. We engage with multiple third-party vendors who provide a variety of services ranging from ongoing security advisory services to security monitoring and response management. In addition, we also have a process to assess and review the cybersecurity practices of third-party vendors and service providers, including through the use of vendor questionnaires and contractual security requirements, as appropriate.

In addition to these efforts, we have implemented an ongoing enterprise risk management program that includes processes designed to identify, assess, and address cybersecurity risks. Our cybersecurity efforts are informed by industry standards and include periodic, targeted risk assessments supported by cybersecurity technologies, including third-party security solutions and monitoring tools, designed to monitor, identify, and address cybersecurity risks.

Additionally, as a public company, we are subject to various regulatory requirements around our internal controls, including our controls around our information technology systems and their impact on our financial statements or systems. We have engaged a third party vendor to advise us on our compliance with these requirements, including around our controls related to cybersecurity, and strategies to mitigate related risk. If we were to identify any control deficiencies that represent cybersecurity risks, those would be reported to the Chief Financial Officer and the audit committee, together with plans for corrective action, as appropriate.

Although risks from cybersecurity threats to date have not materially affected, and we do not believe they are reasonably likely to materially affect, us, our business strategy, results of operations or financial condition, we do, from time to time, experience threats and security incidents relating to our, and our third party vendors’, information systems. For more information, please see the section entitled “Risk Factors” in this Annual Report on Form 10-K.

Governance Related to Cybersecurity Risks

Our cyber risk management program and related operations and processes are managed by our Director of Information Technology, in consultation with the legal and human resources teams. The Director of Information Technology has primary responsibility for day-to-day management of our cyber risk management program, including monitoring for cybersecurity risks. Currently, the Director of Information Technology role is held by an individual who has over 18 years of cybersecurity, information technology, and systems engineering experience.

The Director of Information Technology reports to the Chief People Officer. The Director of Information Technology meets with the Chief People Officer periodically to monitor and review the outcomes of our cybersecurity risk management processes and to discuss and address matters related to cybersecurity risk management strategy. The Director of Information Technology, working with the Chief Legal Officer and Chief People Officer, provides periodic reports on cybersecurity risks to the audit committee, which is responsible for reviewing and overseeing the Company’s risk management processes, including cybersecurity risks. The Chief Financial Officer, Chief People Officer and Chief Legal Officer and/or other senior members of the legal team, participate in audit committee meetings, which are generally led by the Chief Financial Officer, as well as meetings of the full board of directors.

Our enterprise risk management process is overseen by our Chief Legal Officer and Chief Financial Officer. In collecting information on enterprise risk, cyber security is specifically included as a risk category, and the results of our enterprise risk assessment processes, including risks related to cybersecurity, are also discussed with the audit committee and among senior management on a periodic basis. Further, in accordance with the committee’s charter, the chair of the audit committee provides periodic updates on committee activities to the full board of directors, which may include discussion of any cyber risks.


Company Information

Name: C4 Therapeutics, Inc.
CIK: 0001662579
SIC Description: Biological Products, (No Diagnostic Substances)
Ticker: CCCC - Nasdaq
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: December 30