Sagimet Biosciences Inc. 10-K Cybersecurity GRC - 2025-03-12

Page last updated on March 12, 2025

Sagimet Biosciences Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-12 07:30:36 EDT.

Filings

10-K filed on 2025-03-12

Sagimet Biosciences Inc. filed a 10-K at 2025-03-12 07:30:36 EDT
Accession Number: 0001558370-25-002747

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cyber Risk Management and Strategy We have developed and implemented a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is integrated into our broader information security policy, which is informed by industry standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Center for Internet Security (CIS) benchmarks. Our approach to cybersecurity risk management includes, but is not limited to, the following elements: ● Security incident management processes designed to oversee, identify and manage security events and incidents, including a cybersecurity incident response plan and a managed 24/7 security operation center, which monitors all security events from endpoints and cloud services. ● System lifecycle and management processes designed to oversee and manage systems and services used by Sagimet, including system assessments and the management of vulnerabilities. ● System protections including firewalls, endpoint protection, access controls and cloud-based security systems. ● Annual cloud system assessments designed to help identify material cybersecurity risks to our critical systems, information and our broader enterprise Information Technology (IT) environment. ● Cybersecurity awareness training for all users with access to our systems including employees, consultants and senior management, with timely relevant security topics, which include social engineering, phishing, password protection, protecting personal data and appropriate use of assets. We have leveraged the support of a third-party data privacy organization to perform a risk assessment designed to identify, assess, and manage data privacy risks. Further, we follow a formal, documented process to assess the data protection practices of certain third-party vendors that handle sensitive information on our behalf. This process includes a risk assessment process which is designed to oversee, identify and manage material cybersecurity and data privacy risks associated with systems, services and third parties. To date, we have not experienced any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we have, from time to time, experienced threats and security incidents relating to our and our third-party vendors’ information technology systems and infrastructure. For more information, please see the section entitled “Risk Factors” in this Annual Report on Form 10-K. Governance Related to Cybersecurity Risks Our Senior Director of IT is responsible for the strategic leadership and direction of our cybersecurity program . The Senior Director of IT has over 15 years of experience as an information technology professional. Our Board of Directors has delegated oversight of our cybersecurity risk management program to our audit committee , per the audit committee charter. Our audit committee has oversight over cybersecurity risks. Our management provides periodic presentations to the audit committee on our cybersecurity program, including updates on cybersecurity risks and related cybersecurity strategy, as applicable. In addition, management alerts the audit committee of any material cybersecurity incidents . The audit committee provides updates regarding our cybersecurity program to the board of directors when material .

Company Information