Elicio Therapeutics, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Elicio Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 07:07:46 EDT.

Filings

10-K filed on 2025-03-31

Elicio Therapeutics, Inc. filed a 10-K at 2025-03-31 07:07:46 EDT
Accession Number: 0001601485-25-000049

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the critical importance of protecting the confidentiality, integrity and availability of our business operations and systems. With this in mind, we have implemented and maintain ongoing cybersecurity risk management practices, in accordance with our risk profile and business size, under the oversight of our Audit Committee that are designed to identify, assess, and mitigate cybersecurity risk. Our cybersecurity program is informed by the National Institute of Standards and Technology Cybersecurity Framework, and other applicable industry standards. We engage third-party service providers and vendors to assist us in managing our cybersecurity programs and systems. Cybersecurity Risk Management and Strategy; Effect of Risk To identify and assess material risks from cybersecurity threats, we maintain a cybersecurity program to develop and implement effective systems and prepare for information security risks. We consider risks from cybersecurity threats alongside other company risks as part of our overall risk assessment process. We employ a range of tools and services, including regular network and endpoint monitoring to inform our risk identification and assessment, as well as undertaking the following activities: - monitor emerging data protection laws and implement changes to our processes that are designed to comply with such laws; - through our policies, practices and contracts (as applicable), require employees, as well as third parties that provide services on our behalf, to treat confidential information and data with care; - employ technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, device encryption, multi-factor authentication, advanced threat protection for emails, anti-virus and anti-malware functionality and access controls, which are evaluated and improved from time to time; and - employ multiple backup systems for our data stored on our servers or other information systems. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. During the reporting period, we have not identified any risks from cybersecurity threats, including as a result of previous cyber security incidents, that we believe have materially affected, or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. For more information, see the section in our risk factors under the heading " Our internal information technology systems, or those of our vendors, collaborators or other contractors or consultants, may fail or suffer cybersecurity incidents, loss of data, and other disruptions, which could result in a material disruption of our product development programs, compromise sensitive information related to our business or prevent us from accessing critical information, potentially exposing us to liability or otherwise adversely affecting our business ." which disclosures are incorporated by reference herein. Cybersecurity Governance; Management Cybersecurity is an important part of our risk management processes and is an area of focus for our board of directors and management. Our board of directors has delegated the oversight of cybersecurity risks to our Audit Committee, which oversees management’s implementation of our cybersecurity program. Our Audit Committee receives periodic updates from our General Counsel regarding our cybersecurity program and risks, including, as necessary, any material cybersecurity threat risks or incidents, as well as the steps management has taken to respond to such risks. Members of our Audit Committee are also encouraged to engage in conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs. The Audit Committee reports to the full board of directors regarding its activities and risk management functions, including those related to cybersecurity. Oversight of our cybersecurity program, which is discussed in greater detail above, is led by our General Counsel who, along with a contracted third party managed security service provider, is responsible for helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy and to help prepare for and respond to cybersecurity incidents. Our third party managed security service provider has over 25 years of experience in cybersecurity and is informed about and monitors our cybersecurity risk through participation in the cybersecurity risk management and strategy processes described above. Additionally, our legal and operations teams review and assess potential improvements to our cybersecurity policies and procedures with input from third-party vendors, as appropriate. As discussed above, the General Counsel reports to the Audit Committee of our board of directors about cybersecurity related matters, periodically.

Company Information