Quanterix Corp - (QTRX)

10-K Filing Date: February 29, 2024
ITEM 1C. CYBERSECURITY

We maintain a cybersecurity risk management program designed to identify, assess, manage, mitigate and respond to cybersecurity threats. Our cybersecurity program is overseen by our Chief Information Officer (“CIO”), who has more than 20 years of experience in information technology. This program incorporates policies, processes, and activities over domains such as access control; facility and data protection; IT systems and data transmission security; threat intelligence and incident response; third-party risk management; disaster recovery; and vulnerability management. We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. Thus, we base our program on multiple security frameworks including the National Institute of Standards and Technology (“NIST”), HIPAA, and privacy laws such as the E.U.’s GDPR. We also require that third-party service providers with access to personal or proprietary information implement and maintain cybersecurity practices consistent with applicable legal standards.

Cybersecurity is complex and subject to constantly evolving threats. Accordingly, we engage a range of external experts, including cybersecurity consultants and auditors, in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights. Our collaboration with these third-party experts includes regular audits, threat assessments, and consultation on security enhancements.

Our CIO is tasked with ensuring that the highest levels of management and our Board of Directors are informed about the cybersecurity posture and potential risks facing the Company. Our CIO regularly briefs our CEO about cybersecurity risk management. The CIO’s staff regularly informs the CIO about the latest developments in cybersecurity, including potential threats and risk management techniques. In the event of a cybersecurity incident, the CIO is informed promptly following its detection, and our response is governed by a detailed incident response plan that includes prompt actions to mitigate the impact of the incident and longer-term strategies for remediation and prevention of future incidents. The CIO has also chartered an Information Security Steering Committee made up of cross-functional executive leaders that meets quarterly on topics such as the current cybersecurity landscape and emerging threats; status of ongoing cybersecurity initiatives and strategies; incident reports and learnings from any cybersecurity events; and compliance with regulatory requirements and industry standards.

Cybersecurity risk management is integrated into our broader risk management framework. The Audit Committee of our Board of Directors, which has responsibility for oversight of risk management, also has responsibility for oversight of our program, policies and procedures related to information security and data protection. On a regular basis, the CIO reports to the Audit Committee of our Board of Directors on cybersecurity risks as well as mitigation strategies and the status of initiatives to strengthen our information security systems. The CIO also provides periodic updates to our full Board of Directors, as appropriate.

For a discussion of our risks related to cybersecurity, see the section titled, “Item 1A. Risk Factors – Risks Related to our Operations – Cybersecurity breaches, loss of data and other disruptions could compromise sensitive information related to our business or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation.”
