SOLENO THERAPEUTICS INC - (SLNO)

10-K Filing Date: March 07, 2024
Item 1C. Cybersecurity

Our board of directors is responsible for overseeing our risk management program and cybersecurity is a critical element of this program. Management is responsible for the day-to-day administration of our risk management program and our cybersecurity policies, processes, and practices. Our cybersecurity policies, standards, processes, and practices are based on recognized frameworks established by the Center for Internet Security (CIS) and other applicable industry standards and are integrated into our overall risk management system and processes. We have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Risk Factors - Intrusions into our computer systems could result in compromise of confidential information.”

Cybersecurity Risk Management and Strategy

Our cybersecurity risk management strategy focuses on several areas:

Identification and Reporting: We have implemented a cross-functional approach to assessing, identifying and managing material cybersecurity threats and incidents. Our program includes controls and procedures to identify, classify and escalate certain cybersecurity incidents to provide management visibility and obtain direction from management as to the public disclosure and reporting of material incidents in a timely manner.
Technical Safeguards: We implement technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence, as well as outside audits and certifications.
Incident Response and Recovery Planning: We are establishing incident response, business continuity, and disaster recovery plans designed to address our response to a cybersecurity incident.
Third-Party Risk Management: We maintain a risk-based approach to identifying and overseeing material cybersecurity threats presented by third parties, including vendors, service providers, and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a material cybersecurity incident affecting those third-party systems, including any outside auditors or consultants who advise on our cybersecurity systems.
Periodic Assessments: We conduct periodic assessments and testing of our policies, standards, processes, and practices in a manner intended to address cybersecurity threats and events. The results of such assessments, audits, and reviews are evaluated by management and reported to our Audit Committee and our board of directors, and we adjust our cybersecurity policies, standards, processes, and practices as necessary based on the information provided by these assessments, audits, and reviews.

Governance

Our board of directors oversees our risk management program, including the management of cybersecurity threats as part of its general oversight function. Our Audit Committee is taking the lead on behalf of the board of directors on oversight of our cybersecurity risk management program and receives reports from management concerning our cybersecurity risk management program.

Our cybersecurity risk assessment and management processes are implemented and maintained by various members of our management team, IT department and other employees, including but not limited to the individuals on our cybersecurity incident management team, which includes individuals who have a diverse combination of relevant expertise, experience, education and training, with representation from our IT, finance, legal, human resources, among others. Our team includes individuals with relevant experience in enterprise risk management and disclosure controls and procedures. Additionally, certain members of our IT department have experience managing cybersecurity programs and are specifically assigned cybersecurity oversight. Our cybersecurity incident response processes are designed to escalate certain cybersecurity incidents to members of management depending on the

53

 

circumstances, including in some cases to our executive team. Our cybersecurity incident management team, and other individuals as needed, work to help us mitigate and remediate cybersecurity incidents of which we are notified.

Back SEC Filing