GYRE THERAPEUTICS, INC. 10-K Cybersecurity GRC - 2025-03-17

Page last updated on March 17, 2025

GYRE THERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-17 16:15:36 EDT.

Filings

10-K filed on 2025-03-17

GYRE THERAPEUTICS, INC. filed a 10-K at 2025-03-17 16:15:36 EDT
Accession Number: 0000950170-25-040279

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY. We strive to safeguard our important data, hardware, and internal network from digital attacks, theft and damage. In the ordinary course of our business, we collect, use, store, and digitally transmit confidential, sensitive, proprietary, and personal information. The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. At Gyre Therapeutics, these processes are managed and monitored by a third-party information technology (“IT”) consulting company (the “Managed Service Provider”) and are overseen by our Chief Financial Officer. At Gyre Pharmaceuticals, these processes are managed and monitored by a dedicated Information Security team, which is led by the General Manager. Gyre Therapeutics’ and Gyre Pharmaceuticals’ processes include mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data. In the process of advancing the systematic development of information security, we seek to maintain a robust approach that encompasses policy formulation, organizational structuring, technological application enhancement, process optimization, and personnel training. For example, Gyre Therapeutics and Gyre Pharmaceuticals maintain software and hardware inventories, perform security monitoring and alerting, and complete ongoing risk assessments. Gyre Therapeutics and Gyre Pharmaceuticals also conduct regular employee trainings on cyber and information security, among other topics. In addition, both companies consult with outside advisors and experts on a regular basis to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk environment. Our Chief Financial Officer, who reports directly to our Chief Executive Officer, is responsible for assessing and managing Gyre Therapeutics’ cybersecurity risks with support from the Managed Service Provider, which employs IT consultants with over 20 years of experience managing information technology and cybersecurity matters and are certified as Microsoft Certified Systems Engineers. Our Gyre Pharmaceuticals information security team, who reports to the Secretary of the General Manager at Gyre Pharmaceuticals, comprises of three employees with an average of 20 years of experience managing information technology and cyber 130 security matters. The Secretary of the General Manager reports to the General Manager at Gyre Pharmaceuticals, and the General Manager reports to the Board of Directors and is responsible for assessing and managing Gyre Pharmaceuticals’ cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. Since the beginning of the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, but we face certain ongoing cybersecurity risks that, if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors,” under the heading “Breach, failure or disruption in or to our information system could compromise sensitive information related to our business and expose us to liability or reputational harm, and our ability to effectively manage our business operations could be adversely affected.” The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board to oversee cybersecurity risks. The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our management team. The Board also receives updates from management and the Audit Committee on cybersecurity risks on at least an annual basis.

Company Information