Voyager Therapeutics, Inc. 10-K Cybersecurity GRC - 2025-03-11

Page last updated on March 11, 2025

Voyager Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-11 16:01:30 EDT.

Filings

10-K filed on 2025-03-11

Voyager Therapeutics, Inc. filed a 10-K at 2025-03-11 16:01:30 EDT
Accession Number: 0001558370-25-002703

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Oversight We have processes for assessing, identifying, and managing cybersecurity risks, integrated into our overall risk management program and information technology function. These processes are designed to: ● Protect our information assets and operations from internal and external cyber threats , ● Safeguard employee, vendor, and collaborator information from unauthorized access or attack , and ● Secure our networks and systems. Our cybersecurity framework includes physical, procedural, and technical safeguards, as well as: ● Continuous security monitoring to detect any anomalies and event s, ● Response plans for cyber incidents , ● Regular system testing and incident simulations , and ● Routine reviews of policies and procedures to identify risks and enhance practices. To strengthen our cybersecurity risk management practices and oversight, we engage external consultants with expertise in information security, incident response, and governance. Additionally, we evaluate the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities. Board and Audit Committee Oversight We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially impact the company or its business strategy, operations, or financial condition. The Audit Committee provides direct oversight of cybersecurity risk and updates the Board of Directors on such matters. Management delivers quarterly cybersecurity updates to the Audit Committee, with additional updates provided as significant new threats or incidents arise. Operational Leadership and Incident Response Our Vice President of Information Technology , or VP of IT , leads company-wide cybersecurity strategy, policy, standards, and processes. This role includes working across departments to assess and address cybersecurity risks and participating in management’s updates to the Audit Committee . In the event of a cybersecurity incident, the VP of IT collaborates with the information technology department and relevant teams to assess and respond to the incident, determining the need for internal and external reporting. Our VP of IT brings over 15 years of experience in cybersecurity, including serving as Chief Information Security Officer for a multinational company in the specialty materials industry. Our VP of IT has experience with compliance programs for cybersecurity-related regulations and standards. Additionally, the VP of IT has participated in Gartner cybersecurity programs and conferences and received training on combating cyber threats, including phishing, malware, and social engineering. Employee Training and Technology-Based Safeguards We provide annual data protection and cybersecurity training for all personnel, including full-time, part-time, and temporary staff. This program covers topics such as: ● Social engineering and phishing awareness , ● Password protection and mobile security , and ● Incident response and reporting. To complement employee training, we utilize technology-based tools and practices to mitigate cybersecurity risks, including: ● Proactive cybersecurity monitoring for threat detection and swift response , ● Tools to address vulnerabilities and protect information assets , ● Endpoint security measures, geo-fencing, and geo-blocking on firewall s , and ● Automatic email prioritization to help our information technology department efficiently address the most critical threats.

Company Information