Acumen Pharmaceuticals, Inc. 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 27, 2025

Acumen Pharmaceuticals, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 16:34:47 EDT.

Filings

10-K filed on 2025-03-27

Acumen Pharmaceuticals, Inc. filed a 10-K at 2025-03-27 16:34:47 EDT
Accession Number: 0001576885-25-000049

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk management and strategy. We have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. Those processes include frameworks to respond to and assess internal and external threats to the security, confidentiality and integrity of our data and information systems, along with other material risks to our operations, which we review at least annually or whenever there are material changes to our systems or operations. Our IT department collaborates with our Chief Operating Officer to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. We have processes to detect potential vulnerabilities and anomalies through technical safeguards. As part of our risk management process, we conduct regular IT security audits to assess and respond to internal and external security threats. In addition, we consult with outside advisors and experts, when appropriate, to assist with assessing, identifying and managing cybersecurity risks, including to anticipate future threats and trends and their potential impact on the Company’s risk environment. We rely on third parties , including cloud vendors and consultants, for various business functions. We oversee third-party service providers by conducting vendor diligence. Vendors are generally assessed for risk based on the nature of their service, access to data and systems and supply chain risk and, based on that assessment, we conduct diligence that may include completing security questionnaires, onsite evaluation and scans or other technical evaluations. Governance. Our Board of Directors has established oversight mechanisms with respect to risks from cybersecurity threats. Our Audit Committee has primary responsibility for oversight of cybersecurity, including the responsibility to review and discuss with management and the Company’s auditors, as appropriate, management risks relating to data privacy, technology and information security. The Audit Committee, or the Board of Directors as a whole, is briefed on any material cybersecurity incidents that may adversely affect the Company and on cybersecurity risks in general at least once each year. At the management level, our cybersecurity program is managed by our Director of IT , who reports to our Chief Operating Officer. Our Director of IT has over 13 years of IT security experience in regulated industries such as government, energy and biopharma. He has over 20 years of combined IT experience. Our Director of IT and IT Department implement processes around security monitoring and vulnerability testing. Our Director of IT reports at least annually to the Audit Committee and such reporting includes topics such as our risk assessment, risk management and control decisions, service provider arrangements, test results, security incidents and responses and recommendations for changes and updates to policies and procedures. As of the date of this report, we have not experienced a cybersecurity incident that resulted in a material effect on our business strategy, results of operations or financial condition, but we cannot provide assurance that we will not be materially affected in the future by such risks or any future material incidents. For more information on cybersecurity risks, see Item 1A. Risk Factors-“Our business and operations would suffer in the event of computer system failures, cyberattacks or a deficiency in our cybersecurity or a natural disaster.”

Company Information