Intellia Therapeutics, Inc. - (NTLA)
10-K Filing Date: February 22, 2024
Risk management and strategy:
We face a number of cybersecurity risks in connection with our business and recognize the growing threat within the general marketplace and our industry. To help the Company address these risks, we have implemented a cybersecurity risk management program that is informed by recognized industry standards and frameworks and incorporates elements of the same, including elements of the National Institute of Standards and Technology Cybersecurity Framework.
Our cybersecurity risk management program includes a number of components, including but not limited to a Cybersecurity Incident Response Plan (“CSIRP”), annual cybersecurity awareness training for our employees, vendor risk management, regular system maintenance including application of security patches as appropriate, regular penetration tests and security assessments, and implementation of enhancements to security measures used to protect our systems and data.
We maintain a CSIRP that is designed to guide our incident response process for cybersecurity incidents that could affect our systems, network, or data. The CSIRP identifies the individuals responsible for developing, maintaining, and following appropriate procedures for identified cybersecurity incidents. We periodically test our CSIRP using tabletop exercises with the goal of improving our processes and preparedness.
Risks from cybersecurity threats have not to date materially affected us, including our business strategy, results of operations or financial condition. For more information about the cybersecurity risks we face, see the risk factor entitled “Our internal computer systems, or those of our collaborators or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our operations and development efforts” in Item 1A-Risk Factors.
Governance:
The Board of Directors, as a whole and through its committees, has responsibility for the oversight of risk management, which includes ensuring that the risk management process implemented within our organization is appropriate and functioning as designed. The Audit Committee of our Board of Directors oversees cybersecurity risks pursuant to its charter, and our governance framework includes oversight by the Audit Committee. The Audit Committee, with assistance from our management, including our Head of IT, periodically reports to the full Board of Directors to inform them of potential cyber risks and threats, the status of projects to further develop our information security systems, and the emerging cybersecurity threat landscape.
Our Head of IT is responsible for strategic leadership of our cybersecurity risk management program. The Head of IT role is currently held by an individual who has approximately eighteen years of professional IT management experience. Our Head of IT also provides regular updates on our cybersecurity risk to our executive leadership team and other management committees responsible for IT and cybersecurity risk management.