Organogenesis Holdings Inc. 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

Organogenesis Holdings Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 16:30:39 EST.

Filings

10-K filed on 2025-02-27

Organogenesis Holdings Inc. filed a 10-K at 2025-02-27 16:30:39 EST
Accession Number: 0000950170-25-029137

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the importance of developing, implementing, and maintaining measures to safeguard our information systems and protect the confidentiality, integrity , and availability of our data and to address potential cybersecurity incidents that may materially affect our business. Our information security team manages and enhances our cybersecurity infrastructure with the ultimate goal of preventing cybersecurity incidents to the extent feasible, while simultaneously increasing our system resilience in an effort to minimize the business impact should an incident occur. We utilize cybersecurity tools, including the NIST Cybersecurity Framework, in assessing the threat landscape and continuously monitoring our environment. We face a number of cybersecurity risks in connection with our business. We have, from time to time, experienced threats to our data and systems, including malware and computer virus attacks. However, such risks and threats have not materially affected our business strategy, results of operations, or financial condition to date. Third-party service providers and consultants Cybersecurity partners are a key part of our cybersecurity infrastructure. We partner with cybersecurity companies and leverage their technology and expertise to better protect the Company. From time to time, we engage certain vendors to monitor our environment, which includes an outsourced security operations center. We may also from time to time engage partners for periodic penetration testing and vulnerability assessments. Our third-party service providers, suppliers, and vendors face their own risks from cybersecurity threats that could potentially impact Organogenesis. We are developing and implementing processes for overseeing and managing these risks and are committed to maintaining robust governance and oversight of these risks. Those processes include assessing the third parties’ cybersecurity practices and where applicable, requiring the third parties to implement appropriate cybersecurity controls and otherwise agree to contractual requirements designed to address cybersecurity risks in our agreements with them including conducting ongoing monitoring of their compliance with those requirements. We have also identified the potential for cybersecurity risks stemming from the use of artificial intelligence (AI) tools developed by third parties. We have implemented policies and training programs to govern the use of AI by our employees. Additionally, the Company’s Audit Committee regularly reviews our uses of AI as part of its ongoing risk oversight responsibility. Governance Our cybersecurity organization, led by our Assistant Vice President of IT and our Director of Information Security, is responsible for our overall information security strategy, policy, security engineering, operations and cyber threat detection and response. Within our team, our current Director of Information Security has professional cybersecurity certifications. The Company’s Board of Directors administers risk management oversight through the Audit Committee of the Board. Our Audit Committee receives quarterly updates about the effectiveness of the Company’s cybersecurity and information security programs , vulnerability and threat detection, progress relative to the Company’s cybersecurity roadmap, and the status of projects to strengthen our information security systems. The Audit Committee discusses with Company management and the Board the Company’s processes with respect to risk assessment and risk management.

Company Information