Accelerate Diagnostics, Inc 10-K Cybersecurity GRC - 2025-03-20

Page last updated on March 21, 2025

Accelerate Diagnostics, Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-20 21:55:44 EDT.

Filings

10-K filed on 2025-03-20

Accelerate Diagnostics, Inc filed a 10-K at 2025-03-20 21:55:44 EDT
Accession Number: 0001628280-25-014205

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the importance of developing, implementing and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. As such, we have implemented cybersecurity programs designed to maintain compliance with applicable laws and regulations governing ethical business practices, including our relationships with suppliers, customers, and business partners. We maintain formal processes for our cybersecurity program and incident response procedures, which are updated at least annually. These processes include, among other things, detailed steps on how we assess cybersecurity risks, identify threats, and determine the materiality of cybersecurity incidents. These processes also designate certain roles within the company to execute these policies and certain leadership roles to manage material risk escalation. These processes endeavor to follow the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Our Information Security team uses automated technology, third-party partners, and direct review of system indicators to monitor and implement the prevention, detection, mitigation, and remediation of cybersecurity incidents, and to stay current with the changing threat landscape. We also leverage encryption technologies and other measures to safeguard systems. We engage third parties as part of our cybersecurity program, including external security firms that provide security technology, conduct regular security audits, and conduct penetration testing. We also engage third-party service providers to assist with managing various other aspects of our business. We review SOC 1 and similar documentation from these third-party service providers at least annually to better understand the information security programs maintained by them. Our employees are responsible for complying with our data security standards and are required to complete annual training to understand the behaviors and technical requirements necessary to keep data secure. As of the date of this Form 10-K, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially 45 affect us, including our business strategy, results of operations, or financial condition. For additional information regarding cybersecurity-related risks we face, see Risk Factors - Risks Related to Our Business and Strategy-Breaches of our information technology systems could have a material adverse effect on our operations and potentially result in liability, depending on the type of breach and information compromised." Governance Cybersecurity is an important component of our enterprise risk management program. While our full board of directors (the “Board”) has primary responsibility for risk oversight, the Board utilizes its committees, as appropriate, to monitor and address the risks that may be within the scope of a particular committee’s expertise or charter and receives regular updates at Board meetings on committee activities. The Audit and Governance Committee has oversight over the adequacy of the Company’s enterprise risk management and internal controls, including computerized information system controls and security, and regularly reviews our cybersecurity, including information technology (“IT”) risks, controls, procedures, and plans to mitigate cybersecurity risks and respond to cybersecurity incidents. Due to the importance of cybersecurity, the full Board receives a report on at least annually from our IT Director, on, among other issues, our cybersecurity risks and threats, the status of IT projects, management’s strategies to strengthen our IT systems, assessments of our cybersecurity program, third-party assessments and testing, our emerging cybersecurity threat landscape, and the review of our cybersecurity insurance policy. Updates are held more frequently with the Audit and Governance Committee as deemed appropriate for significant changes to the Company’s IT systems or cybersecurity processes. Pursuant to our incident response procedures, material cybersecurity incidents are also reported to the Audit and Governance Committee upon a determination of materiality by our IT Director. Management is responsible for our day-to-day risk management activities. As cybersecurity risks arise, our IT Director executes our incident response procedures and communicates the appropriate details to management in alignment with the escalation steps set forth in such procedures. Our cybersecurity program is led by our IT Director, who is responsible for assessing and managing cybersecurity risks. He has more than 12 years of experience as a leader in both the medical and defense industries. As cybersecurity-centric manager our IT Director has also achieved high-level security clearance and held the title of Information System Security Officer for other organizations.

Company Information