Viracta Therapeutics, Inc. - (VIRX)

10-K Filing Date: March 07, 2024
Item 1C. Cybersecurity.

Risk Management and Strategy

We have established a cybersecurity committee to oversee the implementation of policies and processes that are designed to protect against and respond to cybersecurity threats. Our cybersecurity policies and procedures are designed to ensure that appropriate cybersecurity measures and controls are developed, implemented, and maintained. These policies and procedures and the resulting safeguards are designed and evaluated in light of yearly risk assessments, which are based on guidance obtained from a recognized national standards organization. We have implemented access controls, firewalls and intrusion detection and prevention systems, vulnerability and patch management processes, and we also use a variety of other automated tools and manual processes to safeguard our information systems. We maintain an incident response plan and business continuity and disaster recovery plans designed to enhance our incident response preparedness. We also require employees to undergo security awareness training when they are hired and periodically thereafter.

We use third-party security firms in different capacities to provide or operate some of our safeguards and technology systems. For example, we use third-party consultants to conduct assessments, such as vulnerability scans and penetration testing.

Our cybersecurity policies and processes also include risk-based measures and evaluations of risk related to third parties and, where appropriate, we require third parties to implement and maintain appropriate security measures, consistent with all applicable laws, and to promptly report any suspected breach of their security measures that may affect our company.


Our cybersecurity risk management and strategy processes are led by a team of senior-level management, including our Chief Financial Officer, Vice President of Finance, Senior Vice President of Legal and General Counsel and Vice President of Quality. These individuals collectively have significant prior work experience in various roles involving managing information security and implementing effective information and cybersecurity programs. These members of management are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan.

As of the date of this Annual Report on Form 10-K, risks from cybersecurity threats, including from any previous incidents, have not materially affected our business, including our business strategy, results of operations, or financial condition. See Item 1A - “Risk Factors” for additional information regarding cyber threats and related risks to our business.

Governance

Our board of directors addresses the Company’s risk management and strategy, including the management of cybersecurity threats, as part of its general oversight function, and our management is responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function through the Audit Committee.

At least quarterly, the Audit Committee receives a presentation from management members of our cybersecurity committee concerning our cybersecurity threat risk management and strategy processes, which is designed to cover such topics as data security posture, results from third-party assessments, progress towards pre-determined risk-mitigation-related goals, our incident response plan, and cybersecurity threat risks and/or incidents, as well as the steps management has taken to respond to such risks and/or incidents.