Xeris Biopharma Holdings, Inc. - (XERS)
10-K Filing Date: March 06, 2024
ITEM 1C. CYBERSECURITY
Risk Management and Strategy
In the normal course of business, we collect and store personal information and other sensitive information, including proprietary and confidential business information, intellectual property, information regarding patients, sensitive third-party information and employee information. To protect this information, we have implemented a framework that is designed to identify, assess, and mitigate cybersecurity threats.
We use managed detection and response services to monitor our network infrastructure and associated endpoints for possible cybersecurity threats. In addition, we engage third parties to perform penetration testing and to assess the effectiveness of our cybersecurity practices. We conduct a cybersecurity risk assessment by identifying critical assets, recognizing potential threats and vulnerabilities, and implementing strategies to mitigate these cybersecurity risks and their possible impacts. We also actively engage with key vendors and industry participants as part of our continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures.
We have established a cybersecurity incident response plan, provide cybersecurity training to our employees, and monitor their activity for adherence to our security protocols.
No risks from cybersecurity threats have occurred that have affected our business strategy, results of operations, or financial condition. See “Risk Factors - General Risk Factors” for additional information.
Governance
Our information security program is overseen by our Executive Director of Information Technology (“IT”). The Executive Director of IT reports to the Chief Financial Officer and oversees the team responsible for leading enterprise-wide cybersecurity strategy, policy, standards, and processes. The Executive Director of IT possesses over twenty-five years of experience in information technology and approximately ten years in cybersecurity risk management.
Our Board of Directors (“Board”) has responsibility for oversight of risk management and, pursuant to the Audit Committee Charter, has delegated to our Audit Committee oversight of our cybersecurity risk management program. The Executive Director of IT provides reports to the Audit Committee at least annually, as well as to the Chief Executive Officer and other members of our senior management as appropriate. These reports include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. Our program is regularly evaluated by internal and external security professionals, with the results of those reviews reported to senior management and the Board.