Absci Corp 10-K Cybersecurity GRC - 2025-03-18

Page last updated on March 19, 2025

Absci Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-18 16:22:58 EDT.

Filings

10-K filed on 2025-03-18

Absci Corp filed a 10-K at 2025-03-18 16:22:58 EDT
Accession Number: 0001628280-25-013464

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy In the ordinary course of our business, we use, store and process data including data of our employees, partners, collaborators, and vendors. We have implemented a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to this data and our systems. Our cybersecurity risk management program includes a number of components, including information security program assessments and continuous monitoring of critical risks from cybersecurity threats using automated tools. We periodically engage third parties to conduct risk assessments on our systems, including penetration testing on an annual basis. We also conduct cybersecurity simulation exercises, including in connection with our disaster recovery procedures. We maintain policies and processes for assessing, identifying, and managing risks from cybersecurity threats, and have integrated these policies and processes into our overall risk management strategy. Our cybersecurity program is informed by standards established by the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS). We also engage assessors, consultants, auditors, or other third parties in connection with our risk assessment processes to assist us in our design and implementation of our cybersecurity policies and procedures and in our assessment and testing of our security safeguards. This includes a third-party managed detection and response team (MDR) to conduct ongoing network monitoring and to support incident management and threat assessment. Additionally, as a public company, we are subject to regulatory requirements and undergo audits of our financial statements, which include a review of related cybersecurity controls and information technology systems. We maintain a cybersecurity awareness training program for employees, which is provided during onboarding and on an annual basis thereafter. Our training program includes simulated phishing campaigns, which are designed to increase awareness and detection and to equip our personnel with effective tools to identify and address cybersecurity threats. Although risks from cybersecurity threats have not materially affected, and are not reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, to date, we have, from time to time, experienced threats to and security incidents related to our and our third-party vendors’ information systems. For more information about the cybersecurity risks we face, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K, including the risk factor titled “Cybersecurity incidents, data breaches, loss of data and other disruptions could compromise sensitive information related to our business or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation.” Governance Under the ultimate direction of our chief executive officer, or CEO, and our executive management team (including our Chief Legal Officer who serves as our Chief Compliance Officer), with oversight from our audit committee of the board of directors (Audit Committee), our Head of Information Technology (Head of IT) has primary responsibility for assessing, operating and managing our cybersecurity threat management program. Our Head of IT meets periodically with our Chief Legal Officer to discuss current developments in the cybersecurity landscape and our cybersecurity risk management program, including providing updates regarding the sources and nature of critical risks we face and how the IT department assesses those risks, including the likelihood of such risks, the severity of impact, and progress on vulnerability remediation. As we are in the process of hiring a new Director of Information Technology, our Chief Legal Officer is fulfilling these functions in the interim with assistance from third-party information technology and cybersecurity experts. Although our Chief Legal Officer does not have direct cybersecurity expertise obtained through certifications, her experience as a member of our company’s senior management team and overseeing enterprise risks, which includes consulting and coordinating as necessary with third-party information technology and cybersecurity experts, enables her to assess and manage material risks from cybersecurity threats. We maintain an established process to notify management of identified cybersecurity incidents and to provide an assessment of the potential criticality and impact of such incidents. We have also implemented procedures for response and containment efforts to address the actual or potential impact of identified cybersecurity incidents, as applicable. As part of our board of directors’ enterprise risk management program, our board of directors has responsibility for oversight of cybersecurity risk management. Our board of directors has delegated to our Audit Committee oversight of our cybersecurity risk management program, including oversight of information security and cybersecurity threats and related compliance and disclosure requirements. On an annual basis, our Chief Legal Officer provides an update to our Audit Committee regarding our cybersecurity risk management program, including as relates to critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. The Audit Committee periodically reports on cybersecurity risk management to the full board of directors.

Company Information