Inozyme Pharma, Inc. - (INZY)
10-K Filing Date: March 12, 2024
We have certain processes for assessing, identifying, and managing cybersecurity risks, which are built into our overall information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, protect information from unauthorized access or attack, as well as secure our network and systems. Such processes include physical, procedural, and technical safeguards, response plans, regular tests on our systems, incident simulations, and routine review of our policies and procedures to identify risks and improve our practices. We engage certain external parties, including consultants, computer security firms and risk management, peer companies, industry groups, and governance experts, to enhance our cybersecurity oversight. We consider the internal risk oversight programs of third-party service providers before engaging them to help protect us from any related vulnerabilities. As part of our overall risk mitigation strategy, we also maintain cyber insurance coverage; however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyber attacks, and other related breaches.
The Audit Committee of our Board of Directors provides direct oversight over cybersecurity risk and provides periodic updates to the Board of Directors regarding such oversight. The Audit Committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents.
Our Executive Director of Information Technology leads the operational oversight of company-wide cybersecurity strategy, policy, standards, and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. The Executive Director of Information Technology has over 25 years of experience working with life science companies and venture capital firms in the information technology field, a certificate from HarvardX (Cybersecurity: Managing Risk), and an active membership in Health-ISAC.
We have also established a cross-functional Cybersecurity Steering Committee, led by our Chief Executive Officer serving as the chair and consisting of other executive-level leaders, that is responsible for providing leadership in the protection of information assets and technology. The committee members advise on and prioritize the development of information security initiatives, projects, and policies as advocates for our stakeholders. This committee is also charged with helping to resolve security and compliance risk issues affecting us.
In order to help deter and detect cyber threats, we provide all employees, including part-time and temporary employees, with a monthly data protection, cybersecurity, and incident response and prevention training and compliance program, which covers timely
117
and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use, and mobile security, and educates employees on the importance of reporting all incidents immediately. We engage third-party vendors for 24/7 monitoring and comprehensive incident response measures. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.
We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations, or financial condition.