Beta Bionics, Inc. 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 28, 2025

Beta Bionics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 16:05:42 EDT.

Filings

10-K filed on 2025-03-28

Beta Bionics, Inc. filed a 10-K at 2025-03-28 16:05:42 EDT
Accession Number: 0000950170-25-046762

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and patient and customer data (Information Systems and Data). Our information security function is led by our Head of Information Technology, and is supported by the Chief Financial Officer and Vice President of Legal and Business Develop (the Information Security Team). Our Information Security Team works with other members of our management team to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our business. It identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods including: the use of manual and automated tools, subscribing to reports and services that identify cybersecurity threats, and utilizing third-party assessments to identify vulnerabilities. Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, the Information Security Team works with other members of management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our business. Additionally, our senior management evaluates material risks from cybersecurity threats against our overall business objectives and reports to the Audit Committee, as well as our Board of Directors, the latter of which evaluates our overall enterprise risk. We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including professional services firms; cybersecurity consultants; and managed cybersecurity service providers. We use third-party service providers to perform a variety of functions throughout our business, such as application providers, hosting companies, contract research organizations, distributors, supply chain resources and other consultants. We have vendor management processes to manage cybersecurity risks associated with our use of these providers. The processes include security assessment calls with certain vendor security personnel, conducting risk assessments for certain vendors and reviewing of security assessments. Depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider and impose contractual obligations related to cybersecurity on the provider. For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors in the section under Part I. Item 1A. “Risk Factors” of this Annual Report, including in the subsection titled “Risks Related to Our Business, Strategy and Industry.” Governance Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The Audit Committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. Our cybersecurity management processes are implemented and maintained by our Information Security Team, in consultation with members of our cybersecurity incident management team. Our cybersecurity incident management team is led by our Head of Information Technology and includes our Chief Financial Officer , Vice President of Legal and Business Development, and relevant business departments (the “Incident Management 135 Team”). Our Head of Technology brings extensive experience in software development, IT, and cyber security, gained in over two decades in the consumer product and healthcare sectors. As the leader of our Information Security Team, our Head of Information Technology is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into our overall risk management strategy, communicating key priorities to relevant personnel, requesting and allocating budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports. Our cybersecurity incident response policies and procedures are designed to escalate certain cybersecurity incidents to members of management who are part of the Incident Management Team. The Incident Management Team works to help mitigate and remediate cybersecurity incidents of which they are notified. In addition, the cybersecurity incident response policy and security incident handling procedure include escalating certain cybersecurity incidents to our disclosure committee and, if appropriate, to the Audit Committee. The Audit Committee meets periodically, and receives regular reports from our Head of Information Technology and, as appropriate, other members of the Information Security Team concerning any significant cybersecurity threats and risk and the processes we have implemented to address them. The Audit Committee also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation, generally. The Head of Information Technology also provides regular reports to the Board of Directors of significant matters related to the Audit Committee’s responsibilities.

Company Information