Jasper Therapeutics, Inc. - (JSPR)

10-K Filing Date: March 05, 2024
ITEM 1C. CYBERSECURITY

 

Risk Management and Strategy

 

Our Information Security team manages our Information Security Program, which is focused on assessing, identifying, and managing cyber risk and information security threats. We evaluate cybersecurity risk on an ongoing basis, and it is a risk monitored through our overall enterprise risk management program, including by the executive leadership and our Board of Directors (the “Board”), as described below under the sub-heading "Governance."

 

To proactively manage cybersecurity risk in our organization, our management team has instituted an Information Technology Security Policy that is available to all employees through our Quality Management System. We also conduct regular cybersecurity awareness and training campaigns for existing employees. Internal and external stakeholders can access Jasper’s Information Technology helpdesk 24/7 online or by phone, to report any security incidents for escalation.

 

To proactively identify, mitigate, and prepare for potential cybersecurity incidents, we maintain a cyber incident response plan with formalized workflows and playbooks. We conduct simulation exercises involving employees at various levels of the organization. We also periodically engage external partners to conduct annual audits of our systems and test our Information Technology infrastructure. Through these channels and others, we work to proactively identify potential vulnerabilities in our information security system. We recognize that we are exposed to cybersecurity threats associated with our use of third-party service providers. To minimize the risk and vulnerabilities to our own systems stemming from such use, our Information Security team identifies, and addresses known cybersecurity threats and incidents at third-party service providers on a continuous basis. In addition, we strive to minimize cybersecurity risks when we first select or renew a vendor by including cybersecurity risk as part of our overall vendor evaluation and due diligence process.

 

Our risks associated with cybersecurity threats are set forth under “Risk Factors” in Part I, Item 1A in this report. Except as set forth therein, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition.

 

Governance

 

The Board, in coordination with the Audit Committee of the Board (the “Audit Committee”), oversees our risk management program, including the management of cybersecurity threats. The Board and the Audit Committee each receive regular presentations and reports on developments in the cybersecurity space, including risk management practices, recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends, and information security issues encountered by our peers and third parties. The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity risk that meets pre-established reporting thresholds, as well as ongoing updates regarding any such risk. On an annual basis, the Board and the Audit Committee discuss our approach to overseeing cybersecurity threats with our CFO and other members of senior management. Our CEO, CFO and other members of our senior management collectively have several decades of experience managing risk at our company or similar companies and assessing cybersecurity threats.