Rein Therapeutics, Inc. 10-K Cybersecurity GRC - 2025-04-07

Page last updated on April 8, 2025

Rein Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-07 16:02:12 EDT.

Filings

10-K filed on 2025-04-07

Rein Therapeutics, Inc. filed a 10-K at 2025-04-07 16:02:12 EDT
Accession Number: 0000950170-25-051566

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybe rsecurity Risk Management and Strategy We are a clinical stage biopharmaceutical company with no commercial operations or revenue streams and our sole business activity has been ongoing research into our drug therapies. We have certain processes for assessing, identifying and managing cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems, which are built into our overall risk management program. Our processes are designed to preserve the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Such processes include physical, procedural and technical safeguards, and response plans on our systems. We engage an external consultant to manage cybersecurity tooling and incident response, as well as general information technology, or IT, systems, which enhance our cybersecurity oversight. We consider the internal risk of oversight programs of the third-party consultant before engaging them in order to help protect us from any related vulnerabilities. As our company grows, we plan to expand our strategy for cybersecurity in alignment with nationally accepted standards. Based on an assessment using the previously described cybersecurity risk management program, we do not believe that there are currently any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. For additional information regarding risks from cybersecurity threats, please refer to Item 1A. “Risk Factors” in this Annual Report on Form 10-K. Governance Our management and board of directors recognize the critical importance of maintaining the trust and confidence of our business partners and employees, including the importance of managing cybersecurity risks as part of our larger risk management program. We seek to address cybersecurity risks through a cross-functional approach. One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our audit committee, comprised of members with substantial experience in information technology governance and risk management, oversees our cybersecurity strategy. Our board of directors receives periodic updates from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents. Our executive officers are responsible for the day-to-day management of the material risks that we face. Our executive officers are led by a third-party consultant, who oversees company-wide cybersecurity strategy, policy , standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. The third-party consultant is advised by their Security Operations Center Manager with a 101 variety of technical certifications, as well as extensive background in IT infrastructure, risk mitigation, and incident response planning. In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity and incident response and prevention training and compliance program, which covers a range of timely and relevant topics. Past topics have included social engineering, phishing, password protection, confidential data protection, asset use and mobile security. The training and compliance program functions to educate employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.

Company Information