Trevi Therapeutics, Inc. - (TRVI)
10-K Filing Date: March 20, 2024
We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our overall risk management program and information technology function and are designed to help protect our information assets and operations from cyber threats, protect employee and patient information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards, and routine review of our operations to identify risks and enhance our practices. We engage certain external parties, including consultants and computer security firms, to enhance our cybersecurity oversight. We consider the internal risk oversight programs of third-party service providers when engaging them in order to help protect us from any related vulnerabilities.
Our board of directors does not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition.
The audit committee of our board of directors provides direct oversight over cybersecurity risk and provides updates to the board of directors regarding such oversight. The audit committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents.
We have also established a Cybersecurity Committee that meets on a quarterly basis to review and agree on actions to address cybersecurity risks. The Cybersecurity Committee is led by our chief information officer, or CIO, who is a part-time consultant, and includes our chief executive officer and chief financial officer. Our CIO, who reports to our chief financial officer, is responsible for the strategic leadership of our cybersecurity programs, identification of cybersecurity risks and the mitigation plans that address these risks. With over 25 years of experience in information technology, the CIO works alongside individuals across other functions, such as clinical operations, legal and quality compliance, to establish and implement our cybersecurity strategy. Our CIO has a bachelor’s degree in Technology and an M.B.A. along with over 10 years of experience in information technology in the life sciences industry.
In an effort to deter and detect cyber threats, we annually provide all employees, including part-time and temporary employees, with a data protection, cybersecurity training and compliance program, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, and asset use, and educates employees on the importance of reporting all incidents immediately. We conduct frequent phishing simulations requiring employees to identify and report simulated phishing emails. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.