ROCKET PHARMACEUTICALS, INC. 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

ROCKET PHARMACEUTICALS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 16:01:32 EST.

Filings

10-K filed on 2025-02-27

ROCKET PHARMACEUTICALS, INC. filed a 10-K at 2025-02-27 16:01:32 EST
Accession Number: 0000950170-25-029002

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company maintains a cybersecurity risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The program is integrated within the Company’s enterprise risk management framework and addresses both the corporate information technology environment and the external ecosystem . 70 The underlying controls of the cybersecurity risk management program are based on recognized best practices and standards for cybersecurity and information technology. The Company has a third party perform an annual assessment of the Company’s cybersecurity risk management program. The Company has a Cyber Security Operations Center monitoring our global cybersecurity environment and coordinates investigations and remediation of alerts. We are enhancing our programs for staging incident response drills to prepare support teams for a significant incident. The cybersecurity risk management program includes administrative, physical, and technical controls . Our VP, Head of Information Technology is the Company’s designated Chief Information Security Officer (CISO) and is responsible for developing and implementing the cybersecurity risk management program, including and reporting on cybersecurity matters to the Board. The VP, Head of Information Technology has over twenty years of experience leading cybersecurity oversight. Additionally, members of the IT security team have cybersecurity experience and/or certifications, such as the Certified Information Systems Security Professional and Certified Information Systems Audit credential. The Company views cybersecurity as a shared responsibility across our management team and plans to periodically perform simulations and tabletop exercises at a management level and incorporate external resources and advisors as needed. All employees are required to complete cybersecurity training at least once annually and have access to more frequent cybersecurity training through online and live events. We also require employees in certain roles to complete additional role-based, specialized cybersecurity training that is documented in our quality management system. Employees outside of our corporate information security organization also have a role in our cybersecurity defenses and they are immersed in a corporate culture supportive of security, which we believe improves our cybersecurity . Our Chief Information Security Officer is responsible for continuously monitoring and assessing the Company’s cybersecurity risk management program, informing senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents, and supervising such efforts. The cybersecurity team collectively has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as information obtained from governmental, public, and private sources, including external consultants engaged by the Company on a real time basis. The Company is continuously enhancing its processes for oversight of third-party vendors, including appropriate due diligence for new providers and continuous monitoring, including ongoing direct contact with vendor personnel. Third-party vendors are re-evaluated at regular intervals as part of our supplier qualification process . The Audit Committee, in addition to the Company’s Chief Financial Officer, General Counsel and Chief Compliance Officer, oversees the Company’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee, Chief Financial Officer, General Counsel and Chief Compliance Officer on the effectiveness of the Company’s cyber risk management program, generally on a quarterly basis. In addition, cybersecurity risks will be reviewed by the Board of Directors, at least annually, as part of the Company’s corporate risk mapping exercise. We have not experienced any material cybersecurity incidents to date, and, by default, we believe no cybersecurity events have occurred that have materially affected the Company or its business strategy , results of operations or financial condition. We continue to invest in cybersecurity and the resilience of our infrastructure and the enhancement of our internal controls and processes, which are designed to help protect our systems and data, and the information they contain. For more information regarding the risks we face from cybersecurity threats, please see “Risk Factors.”

Company Information