Apellis Pharmaceuticals, Inc. - (APLS)
10-K Filing Date: February 27, 2024
We have certain processes for assessing, identifying and managing cybersecurity risks, which are built into our information technology function and are designed to help protect our information assets and operations from internal and external cyber threats and employee, health care professionals, or HCPs, and patient information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards, response plans, regular tests on our systems, incident simulations and routine review of our policies and procedures to identify risks and improve our practices. We engage certain external parties, including consultants, independent privacy assessors, and computer security firms to enhance our cybersecurity oversight. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities.
We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition.
The Audit Committee of the Board of Directors provides direct oversight over cybersecurity risk. The Audit Committee receives quarterly updates from management regarding cybersecurity matters, and is notified between such updates regarding significant new cybersecurity threats or incidents.
Our Head of Information Technology leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees, HCPs and patients to address cybersecurity risks. The Head of Information Technology cybersecurity function brings security credentials and expertise, with broad global cybersecurity and compliance experience in life science, healthcare, and federal government. In addition to our cybersecurity
98
team, a managed security service provider provides us with additional coverage to monitor, detect and respond to threats and vulnerabilities.
In an effort to deter and detect cyber threats, we provide all employees, including part-time and temporary employees, with cybersecurity information and training, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educates employees on the importance of reporting all incidents immediately. Our third-party risk management program is integrated with global sourcing and procurement, and requires vendor risk assessments, incident reporting, and data protection controls. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.