Zenas BioPharma, Inc. 10-K Cybersecurity GRC - 2025-03-11

Page last updated on March 11, 2025

Zenas BioPharma, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-11 06:15:29 EDT.

Filings

10-K filed on 2025-03-11

Zenas BioPharma, Inc. filed a 10-K at 2025-03-11 06:15:29 EDT
Accession Number: 0001558370-25-002631

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyber Security Risk Management and Strategy We have developed and maintain an information security program designed to assess, identify, and manage risks from cybersecurity threats. As part of this program, we conduct periodic assessments of our assets to evaluate the effectiveness of applicable security controls. These assessments are informed by industry standard frameworks and include a review of our information security controls to assess cybersecurity maturity compared to our peers and other security awareness trainings. We engage security technology vendors to assist with detecting potential threats to our information assets. In addition, we have implemented a cybersecurity third party risk management process to assess mission and business critical third parties for cyber risks and to assist the business in making risk-informed technology product and services decisions. Our practice is to perform due diligence, including the completion of security questionnaires and risk assessments, as appropriate, on third parties who maintain material data or information to help us evaluate and verify third party information security capabilities. Our process designed to detect and respond to cybersecurity incidents that may represent a threat to the confidentiality, integrity or availability of our information assets is based on industry standards and best practices of peer companies. Our technology, procedures and key vendors with security responsibilities are designed to help contain, eradicate and recover from cybersecurity incidents in a timely manner. Senior management is informed about incidents that may have a significant impact on the business. Incidents are reviewed once they are resolved, and policies and controls are updated to help mitigate gaps. We have not identified risks from known cybersecurity threats or past incidents that have materially affected or are reasonably likely to materially affect us. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. “Risk Factors” in this Annual Report. Governance Management is responsible for the day-to-day management of risks we face, while our Board of Directors, as a whole and through committees, has responsibility for the oversight of risk management, including risks from cybersecurity threats. Our Audit Committee has specific oversight of risk management, including risks from cybersecurity threats. Our Executive Director of IT is responsible for developing, implementing, and maintaining our cybersecurity risk management policies and procedures. The individual currently serving in the role of Executive Director of IT has over thirty years of experience in cybersecurity, information security, data protection, privacy, regulatory compliance and risk management within complex and international business verticals such as pharmaceutical/biotech, technology, semiconductor and telecom. The Executive Director of IT reports to our Chief Human Resources Officer and provides periodic cybersecurity updates to the Audit Committee of our Board of Directors on at least an annual basis . Our incident response process contemplates that the executive team will notify the Audit Committee of our Board of Directors of any material cybersecurity incident.

Company Information