INTENSITY THERAPEUTICS, INC. 10-K Cybersecurity GRC - 2025-03-13

Page last updated on March 14, 2025

INTENSITY THERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-13 16:03:27 EDT.

Filings

10-K filed on 2025-03-13

INTENSITY THERAPEUTICS, INC. filed a 10-K at 2025-03-13 16:03:27 EDT
Accession Number: 0001567264-25-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We recognize the critical importance of maintaining the trust and confidence of our business partners, such as CROs, clinical trial investigators, patients, employees, subcontractors and other vendors. We are committed to protecting the confidentiality, integrity and availability of our business operations and systems, and its board of directors is actively involved in oversight of our risk management activities, and cybersecurity represents an essential element of our overall approach to risk management. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents should they occur. Cybersecurity Risk Management and Strategy; Effect of Risk We face risks related to cybersecurity, such as unauthorized access, cybersecurity attacks, phishing, and other security incidents, including perpetration by hackers and unintentional damage or disruption to hardware and software systems, loss of data, phony invoices, and misappropriation of confidential information. To identify and assess material risks from cybersecurity threats, we, together with our contracted third-party cybersecurity advisors, maintain a comprehensive cybersecurity program to ensure our systems are effective and prepared for information security risks, including regular oversight of our programs for security monitoring of internal and external threats to ensure the confidentiality and integrity of its information assets. We consider risks from cybersecurity threats alongside other company risks as part of our overall risk assessment process. As discussed in more detail under “Cybersecurity Governance” below, our board of directors provides oversight of our cybersecurity risk management and strategy processes, which are led by management. We, with assistance from our contracted third-party cybersecurity advisors, identifies, protects, and responds to our cybersecurity risks and incidents, through the following activities: - monitoring emerging data protection laws and implementing changes to processes that are designed to comply with such laws; - requiring employees, as well as third parties that provide services on our behalf, to treat confidential information and data with care; - employing technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, double verification software, and access controls; - performing backups of local hard drives and our financial systems in the cloud and on physical media that are stored off-site in locked locations; - providing mandatory training for our employees regarding cybersecurity threats; and - carrying information security risk insurance that provides protection against the potential losses arising from a cybersecurity incident. Our processes also address cybersecurity threat risks associated with our selection and oversight of third-party service providers, including our suppliers and manufacturers or those who have access to patient and employee data or our systems. We generally require those third parties that could introduce significant cybersecurity risk to agree by contract to manage their cybersecurity risks in specified ways. We do not have any in-house servers or systems. An integral part of our cybersecurity is the security built into this third-party software operated by large corporations such as Microsoft. Our control system, therefore, includes the review of annual Service Organization Controls reports in order to annually assess the controls of these software systems. To date, we have not experienced any material cybersecurity incidents. Cybersecurity Governance; Management Cybersecurity is an important part of our risk management processes and an area of focus for the board of directors and management. Management is responsible for the operational oversight of company-wide cybersecurity strategy, policy, and standards across relevant departments to assess and help prepare the Company to address cybersecurity risks. Our board of directors provides direct oversight over cybersecurity risk and receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding any significant new cybersecurity threats or incidents. Our cybersecurity risk management and strategy processes, which are discussed in greater detail above, are led by our Chief Executive Officer with the assistance of contracted third-party cybersecurity advisors. These management team members are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including incident response processes.

Company Information