Adaptive Biotechnologies Corp - (ADPT)
10-K Filing Date: February 29, 2024
As trusted partners to healthcare providers, patients, biopharmaceutical companies, academic and non-profit institutions, business partners and employees, we appreciate the importance of maintaining a comprehensive and trustworthy information security program. Our information security program is fully integrated into our operations, and a hallmark of our program is its cross-functional approach with our internal privacy objectives and stakeholders.
Our cybersecurity program is based on the ISO 27001 security controls set, and in particular, it focuses on the principles of confidentiality, integrity and availability. We maintain an ISO 27001 certification with a fully integrated set of operational policies and procedures to adhere to the 14 domains of ISO 27001. This includes but is not limited to the organization of information security to assign roles and responsibilities within Adaptive, access control to restrict employees’ access to view only that information that is relevant to their roles, information security incident management, and compliance to broadly ensure alignment with applicable laws and regulations. We perform an annual risk assessment conducted by an outside assessor and operate a vendor risk assessment program for third-party vendors to evaluate how their systems may impact our business in the event of a cybersecurity incident. We also provide annual, mandatory cybersecurity training for employees to equip our workforce with the knowledge to identify and respond to cybersecurity threats, such as phishing attempts.
The internal body with executive oversight of our cybersecurity program is our Privacy and Information Security Steering Committee (“PISSC”), which applies a multidisciplinary framework to cybersecurity risks and risk assessment by integrating information security, privacy and human resources expertise, oversight and reporting. The PISSC is made up of our Head of Security, Privacy Officer, Chief Operations Officer, Chief Financial Officer, General Counsel and Chief People Officer and meets on a quarterly basis. Our Head of Security is a senior information security professional with more than 20 years of experience implementing and leading security programs. Our Head of Security holds an undergraduate degree in computer science, has a Six Sigma certification in Total Quality Management and is a Certified Information Systems Security Professional (“CISSP”).
Our board of directors is kept apprised of cybersecurity risks and assessments through regular presentations to the Audit Committee regarding our information security and privacy governance and reports on information security and privacy incidents. Cybersecurity threats, including as a result of any past cybersecurity incidents, have not materially affected us, including our business strategy, results of operations or financial condition. For more information regarding how cybersecurity risks may affect us, see the “Risk Factors” section.