Oruka Therapeutics, Inc. 10-K Cybersecurity GRC - 2025-03-06

Page last updated on March 6, 2025

Oruka Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-06 16:02:05 EST.

Filings

10-K filed on 2025-03-06

Oruka Therapeutics, Inc. filed a 10-K at 2025-03-06 16:02:05 EST
Accession Number: 0001213900-25-021165

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We collect, use, store, and transmit confidential, sensitive, proprietary, personal, and health-related information in the ordinary course of our business. As such, we leverage third-party information technology service providers who have implemented and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our information technology systems, including critical computer networks, third party hosted services, communications systems, hardware and software, and our data residing on these systems. Our Senior Vice President, Finance is responsible for overseeing these third-party service providers and processes. Cybersecurity risks are identified by monitoring and evaluating our threat environment, and then assessed by various methods, for example, by manual and automated tools designed to identify and combat cybersecurity threats, analyzing reports of threats, conducting scans and assessments of the threat environment and to identify vulnerabilities, the use of detection and response services and conducting reviews of third-party service providers, among other things. Depending on the threat environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our information systems and data, including, for example, physical security and access controls, asset management, systems monitoring, incident detection and response, risk assessment, the implementation of security standards and certifications, encryption of data, network security controls, and a recovery/business continuity plan, among other mitigation tactics. Our recovery/business continuity plan is designed to mitigate and remediate identified cybersecurity incidents and escalate certain incidents as appropriate to management and the Audit Committee. We plan to conduct due diligence on and audits of key technology vendors, contract research organizations, and other third-party contractors and suppliers. Additionally, we conduct periodic employee training that covers cyber and information security, among other topics. Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management process. Our Senior Vice President, Finance, who reports directly to the Chief Executive Officer, together with our senior management, is responsible for assessing and managing cybersecurity risks with support from our third-party information technology service providers that employ information technology consultants with over 20 years of experience managing cybersecurity programs. Our cybersecurity program aligns to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and is consistently updated as NIST recommendations change year over year. Our Senior Vice President, Finance, together with our senior management and other employees works closely with our information technology service providers to evaluate material cybersecurity threats against our overall business objectives as part of our cybersecurity incident response. The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage and mitigate those risks. The Audit Committee has been designated by our Board to oversee cybersecurity risks. The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our Senior Vice President, Finance. The Board also receives updates from management and the Audit Committee on cybersecurity risks on a regular basis. In the last fiscal year, we have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, but we face certain ongoing cybersecurity risks or threats that, if realized, are reasonably likely to materially affect us. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our “Risk Factors” under Part 1 Item 1A. Risk Factors, in this Annual Report on Form 10-K.

Company Information