Cybersecurity Risk Management and Strategy



We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, and protect employee, collaborator and patient information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards and routine review of our policies and procedures to identify risks and refine our practices. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities.

We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition.



Governance; Board Oversight

The Audit Committee of our Board provides direct oversight over cybersecurity risk, and provides updates to the Board of Directors regarding such oversight, when and if appropriate. Management provides periodic updates to the Audit Committee regarding cybersecurity matters including significant new cybersecurity threats or incidents, when and if appropriate.

We use technology-based tools that are designed to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.