Senti Biosciences, Inc. - (SNTI)

10-K Filing Date: March 21, 2024
Item 1C. Cybersecurity
Cyber Risk Management and Strategy
We have adopted cybersecurity risk management processes that are informed by and incorporate elements of recognized industry standards, such as the National Institute of Standards and Technology Cybersecurity Framework, and that are designed to identify, assess, and mitigate critical risks from cybersecurity threats.
To support our cybersecurity risk management processes, we leverage a third-party Information Security Coordinator who provides ongoing support for the protection of our information technology infrastructure and also engage with other third-party providers and cybersecurity consultants as appropriate, including engagement of third parties to assist with managed detection and response. Additionally, our cybersecurity risk management strategy is informed by a recent risk assessment conducted by a third-party cybersecurity consultant.
We have an employee security awareness training program, required upon onboarding and on an annual basis thereafter, that is designed to raise awareness of cybersecurity threats across functions as well as to encourage consideration of cybersecurity risks across our Company. As part of this employee training program, we periodically conduct phishing simulations designed to raise employee awareness of such risks.
We have also implemented a process to assess and review the cybersecurity practices of certain third-party vendors and service providers, such as software-as-a-service providers whose products are used to store our data, including through review of System and Organization Controls (SOC) reports prior to onboarding.
We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents relating to our and our third-party vendors’ information systems and infrastructure. For more information, please see Item 1A - Risk Factors.
120

Table of Contents
Governance Related to Cybersecurity Risks
Our Information Security Coordinator is responsible for the establishment and maintenance of our cybersecurity risk management processes, including the day-to-day oversight of the assessment and management of cybersecurity risks. The individual who is currently in this role has approximately 20 years of experience in information security. Our Information Security Coordinator reports to, and meets periodically with, our Director of Operations to discuss and review our information security and cybersecurity risk management processes.
Our board of directors has delegated oversight of the Company’s enterprise risk management processes, including those related to cybersecurity risks, to the audit committee of the board of directors. We have implemented a process for our Information Security Coordinator, as appropriate, to provide periodic updates to the audit committee on the status of our cybersecurity program.