Sarepta Therapeutics, Inc. - (SRPT)
10-K Filing Date: February 28, 2024
Program Details
Our information security program is developed using industry standards and best practices as a guide, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. The program includes regular internal evaluations, including annual penetration tests and monthly vulnerability scans, as well as evaluations by external vendor partners in support of our operations model. The results of these evaluations are regularly shared with senior management and the Audit Committee of the Board of Directors (the “Audit Committee”), where appropriate.
We have developed and implemented a cybersecurity risk management program intended to protect the Confidentiality, Integrity, and Availability (CIA) of our critical systems and information.
Our cybersecurity risk management program is integrated into our overall enterprise risk management processes and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
Our cybersecurity risk management program includes:
As of the date of this Annual Report, we have not experienced any material cybersecurity incidents, but we cannot provide assurance that we will not be materially affected in the future by such risks or any future material incidents.
Oversight
The Audit Committee oversees our information technology systems and related cybersecurity program. Our cybersecurity program is managed by our dedicated Chief Information Security Officer (CISO), reporting directly to the Company’s Chief Information Officer (the “CIO”), whose team is responsible for leading the Company’s cybersecurity policies and procedures.
Our CIO has over 25 years of experience and has served in a variety of information systems leadership roles in the life sciences industry supporting research and development, commercial sales and marketing, finance, human resources and other corporate functions, and IT architecture, strategy, and planning.
Our CISO has over 20 years of experience, including experience in creating and managing corporate-wide information technology, information/cybersecurity, compliance, privacy, and risk management programs as well as having implemented these initiatives across global organizations.
At least annually, but more often as needed, our CIO provides updates on the program to the Audit Committee. The CIO also provides regular updates to members of the Company’s senior management team regarding cyber risks, threats and assessments and material cybersecurity developments of the Company’s program.