Item 1C. Cybersecurity

 

Risk Management and Strategy

 

We have developed and implemented cybersecurity risk management processes intended to protect the confidentiality, integrity and availability of our critical systems and information.

 

Our cybersecurity risk management program includes:

 

	●	physical, technological and administrative controls intended to support our cybersecurity and data governance framework, including protections designed to protect the confidentiality, integrity and availability of our key information systems;
	●	risk assessments designed to help identify material cybersecurity risks to our critical systems and information;
	●	designated team members are responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents; and
	●	the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls.

 

We have not identified risks from known cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Item 1A. “Risk Factors – Cyber-attacks or other failures in our telecommunications or information technology systems, or those of our collaborators, CROs, third-party logistics providers, distributors or other contractors or consultants, could result in information theft, data corruption and significant disruption of our business operations.”

 

Governance

 

Our Board considers cybersecurity risk as part of its risk oversight function. The Audit Committee oversees our cybersecurity and other information technology risks and management’s implementation of our cybersecurity risk management program. The Audit Committee receives periodic reports from management on our cybersecurity risks. In addition, management updates the Board and the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

 

Our management team, including our Chief Financial Officer, is responsible for assessing and managing our material risks from cybersecurity threats. Our Chief Financial Officer has primary responsibility for our overall cybersecurity risk management program. Our Chief Financial Officer has experience supervising and managing company information technology departments.

 

Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from external security personnel; threat intelligence and other information obtained from governmental, public or private sources; and alerts and reports produced by security tools deployed in the information technology environment.