Page last updated on February 27, 2025
IOVANCE BIOTHERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 17:15:54 EST.
Filings
10-K filed on 2025-02-27
IOVANCE BIOTHERAPEUTICS, INC. filed a 10-K at 2025-02-27 17:15:54 EST
Accession Number: 0001558370-25-001834
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity We operate in the biopharmaceutical sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and the results of operations, including intellectual property theft, fraud, extortion, harm to employees, third party vendors or customers, violation of privacy laws and other litigation and legal risk, and reputational risk. Risk Management and Strategy We have designed and implemented a cybersecurity program which includes administrative, technical, and physical controls and processes to manage and mitigate material risks from internal and external cybersecurity threats, including but not limited to the following: ● A team responsible for designing, implementing, and continually improving our policies, procedures, and technology. ● A risk management process to identify, assess, and treat internal and external ( third-party ) cybersecurity risks. ● An incident management program to effectively and efficiently identify, review, and escalate incidents with the appropriate stakeholders (e.g., CEO, CFO, Legal, Finance, and others, as required). ● A vulnerability management program to scan and penetration test, on an ongoing basis, our systems and networks to identify and treat identified vulnerabilities. ● A security awareness program that educates our team members on an ongoing basis on internal security policies and secure behaviors. ● Engage with key vendors, industry participants and intelligence and law enforcement communities as part of continuing efforts to evaluate and enhance the effectiveness of our information security program. ● Periodically reporting risks , previous and current incidents, and ways to mitigate risks to the Chief Executive Officer, the Audit Committee of the Board of Directors, and other members of senior management . As of the date of this report, we are not aware of any material risks from cybersecurity threats , including as a result of any previous cybersecurity incidents, that have materially affected our business strategy, results of operations, or financial condition. However, as discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple risks to us, including potentially to our results of operations and financial condition. Refer to Item 1A - " Our internal computer systems, or those used by our CROs or other contractors or consultants, may fail or suffer security breaches " and " We are dependent on information technology, systems, infrastructure and data ," which are incorporated by reference into this Item 1C. As cybersecurity threats become more sophisticated and coordinated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures as we pursue our business strategies. Governance: ● Board of Directors The Audit Committee operates under a written charter adopted by the Company’s Board of Directors. The Audit Committee oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee is also responsible for the adequacy and effectiveness of the Company’s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats. For further information about the Audit Committee’s role in assessing and managing the registrant’s material risks from cybersecurity threats , see “Risk Management and Strategy,” under this Item 1C. ● Management Our team of cybersecurity professionals is led by our Vice President , Infrastructure and Security, who along with other members of the IT team collectively over extensive experience in the cybersecurity space in both the pharmaceutical and non-pharmaceutical sectors, many of whom have obtained professional security certifications. The IT team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. For further information about Management’s role in assessing and managing the registrant’s material risks from cybersecurity threats, see “Risk Management and Strategy,” under this Item 1C.
Item 1C. As cybersecurity threats become more sophisticated and coordinated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures as we pursue our business strategies. Governance: ● Board of Directors The Audit Committee operates under a written charter adopted by the Company’s Board of Directors. The Audit Committee oversees, among other things, a system of internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The Audit Committee is also responsible for the adequacy and effectiveness of the Company’s internal controls, including those internal controls that are designed to assess, identify, and manage material risks from cybersecurity threats. For further information about the Audit Committee’s role in assessing and managing the registrant’s material risks from cybersecurity threats , see “Risk Management and Strategy,” under this Item 1C. ● Management Our team of cybersecurity professionals is led by our Vice President , Infrastructure and Security, who along with other members of the IT team collectively over extensive experience in the cybersecurity space in both the pharmaceutical and non-pharmaceutical sectors, many of whom have obtained professional security certifications. The IT team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. For further information about Management’s role in assessing and managing the registrant’s material risks from cybersecurity threats, see “Risk Management and Strategy,” under this Item 1C.
Item 1C. ● Management Our team of cybersecurity professionals is led by our Vice President , Infrastructure and Security, who along with other members of the IT team collectively over extensive experience in the cybersecurity space in both the pharmaceutical and non-pharmaceutical sectors, many of whom have obtained professional security certifications. The IT team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. For further information about Management’s role in assessing and managing the registrant’s material risks from cybersecurity threats, see “Risk Management and Strategy,” under this Item 1C.
Item 1C.
Company Information
| Name | IOVANCE BIOTHERAPEUTICS, INC. |
| CIK | 0001425205 |
| SIC Description | Biological Products, (No Diagnostic Substances) |
| Ticker | IOVA - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |