Aileron Therapeutics, Inc. - (ALRN)
10-K Filing Date: April 15, 2024
Risk Management and Strategy
We are a clinical stage biopharmaceutical company, with no commercial operations or revenue streams and our sole business activity has been ongoing research into our drug therapies. We assess material risks from cybersecurity threats on an ongoing basis, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. As our company grows, we plan to expand our strategy for cybersecurity in alignment with nationally accepted standards. We have not encountered cybersecurity risks that have materially affected or are reasonably likely to materially affect us or our business strategy. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.
Governance
Our management and board of directors recognize the critical importance of maintaining the trust and confidence of our business partners and employees, including the importance of managing cybersecurity risks as part of our larger risk management program. While all of our personnel play a part in managing cybersecurity risks, one of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks that we face. Our Audit Committee, comprised of members with substantial experience in information technology governance and risk management, oversees our cybersecurity strategy. They are advised by a virtual CISO consultant with Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP) certifications, as well as extensive background in IT infrastructure, risk mitigation, and incident response planning. In general, we seek to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.