Tarsus Pharmaceuticals, Inc. - (TARS)

10-K Filing Date: February 27, 2024
Item 1C. Cybersecurity.
We continue to make substantial investments to augment the capabilities of our people, processes, and technologies in order to address our cybersecurity risks. Our cybersecurity risks, and the controls designed to mitigate those risks, are integrated into our overall risk management governance and are reviewed quarterly by our Board of Directors.
Risk Management and Strategy
As of December 31, 2023, we've implemented a set of comprehensive cybersecurity and data protection policies and procedures. Our employees and contractors receive regular cybersecurity awareness training, including specific topics related to social engineering and email fraud. We have capable employees and consultants with significant expertise and certifications in cybersecurity related to our industry. We invest in advanced technologies for continuous cybersecurity monitoring across our information technology environment which are designed to prevent, detect, and minimize cybersecurity attacks, as well as alert management of such attacks.
Our ITGCs are firmly established based on recognized industry standards and cover areas such as risk management, data backup, and disaster recovery. We have implemented processes to monitor security threats and vulnerabilities and respond to all cybersecurity incidents affecting us, including prompt escalation and communication of major security incidents to senior business leadership and our Board of Directors. We conduct cybersecurity penetration testing annually to identify and remediate cybersecurity gaps. We also perform cybersecurity assessments of all our third-party providers who have access to our information technology systems and data.
Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with the Head of IT, who reports to our Chief Financial Officer, to manage the risk assessment and mitigation process. We have a dedicated IT resource with expertise in cybersecurity and risk management who is dedicated to working with our internal IT team on cybersecurity risk management.
We also engage other consultants and other third parties in connection with our risk assessment and mitigation processes. These service providers assist with the design and implementation of our cybersecurity policies and procedures, as well as monitor and test our safeguards. We require each third-party service provider to certify that it has the ability to implement and maintain appropriate security measures, consistent with all applicable laws, to implement and maintain reasonable security measures in connection with their work with us, and to promptly report any suspected breach of its security measures that may affect our company.
Governance
Our Board of Directors and Audit Committee are responsible for overseeing our cybersecurity risk management and strategy.
Our Head of IT provides periodic briefings to the Audit Committee including our cybersecurity risks and activities, any potential cybersecurity incidents and related responses, cybersecurity systems testing, and activities of third parties. Our Audit Committee regularly meets with our Chief Financial Officer and Head of IT about the Company’s ongoing compliance and risk management and reports to the Board regularly.
Cybersecurity Threat Disclosure
To date, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company.
For further discussion of cybersecurity risks, please see Item 1A, “Risk Factors”.