BioAge Labs, Inc. 10-K Cybersecurity GRC - 2025-03-20

Page last updated on March 20, 2025

BioAge Labs, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-20 17:04:37 EDT.

Filings

10-K filed on 2025-03-20

BioAge Labs, Inc. filed a 10-K at 2025-03-20 17:04:37 EDT
Accession Number: 0000950170-25-042759

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We recognize the importance of maintaining the trust and confidence of our patients, our collaborators, our business partners, our investors, and our employees and understand how key it is to maintain their confidence in our ability to properly protect and manage our information technology systems, infrastructure and data as part of that trust and confidence. In order to achieve this, our management team and our Board of Directors are actively involved in the oversight of our cybersecurity program as part of our approach to risk management. Risk management and strategy We depend on the functioning, availability and security of our information systems, including financial, data processing, communications and operating systems. Several information systems, such as software applications and cloud platforms, are provided by third parties. Our cybersecurity risk framework is designed to allow us to identify, assess and manage the cybersecurity risks we face in relation to, our systems and the information we process. As part of our framework, we maintain certain processes defined to assess, identify and manage risks. For example, we have an incident management and response process under which we communicate the details of certain threats and incidents to management and the audit committee of the board of directors as may be appropriate; use manual and automated processes that are designed to monitor relevant information systems for vulnerabilities, threats and incidents; manage and take certain actions designed to address incidents that may occur; and take actions designed to remediate certain vulnerabilities identified in relevant environments. We employ an array of data security technologies, processes, and methods across our infrastructure designed to protect our systems and sensitive information from unauthorized access. We work with information technology consultants who provide advice and expertise on monitoring evolving industry practices. Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, certain management executives, including our Senior Director of Information Technology and Chief Financial Officer evaluate material risks from cybersecurity threats in connection with our overall business objectives and reports such evaluations to the audit committee of the board of directors as appropriate, which then evaluates our overall enterprise risks. In addition to the third parties above, we use additional third-party service providers to perform a variety of functions throughout our business, such as enterprise and employee management platforms, labs, contract research organizations, contract manufacturing organizations, and supply chain resources. Depending on the nature of the services provided, the sensitivity of the information systems and data at issue, and the identity of the provider, we take steps designed to address cybersecurity risks that such service providers may present to us, such as conducting diligence into such service providers’ cybersecurity practices and risk profiles. 91 For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part I. Item 1A. Risk Factors in this Annual Report on Form 10-K, including " We are dependent on the efficient and uninterrupted operation of our information technology systems, and those systems, or those of our third-party service providers, may be impacted by security incidents, cyberattacks, loss of data and other disruptions, which could adversely impact our business." Governance Our cybersecurity risk assessment and management processes are implemented and maintained by certain management, including our Senior Director of Information Technology, who has more than two decades of information technology and information technology leadership experience. Our Senior Director of Information Technology, under the supervision of our Chief Financial Officer, manages and monitors our cybersecurity risk (including that presented by our information technology service providers). Our Senior Director of Information Technology is responsible for informing our Chief Financial Officer of relevant cybersecurity risks including, as relevant, the prevent, detection, mitigation and remediation of cybersecurity incidents. Our Chief Financial Officer has over two decades of management experience, including oversight over information technology and cybersecurity matters. Our Board of Directors, with the assistance of the Audit Committee, has oversight for the cybersecurity risks facing us and for our processes designed to identify, prioritize, assess, manage, and mitigate those risks. As part of its oversight responsibilities, the Audit Committee receives periodic updates on cybersecurity and information technology matters and related risk exposures (including, as relevant, those stemming from certain cybersecurity incidents) from our Senior Director of Information Technology and Chief Financial Officer.

Company Information