CHAMPIONS ONCOLOGY, INC. - (CSBR)
10-K Filing Date: July 19, 2024
Item 1C. Cybersecurity
Risk Management and Strategy
We believe we maintain an information technology and security program appropriate for a company of our size, taking into account our operations and risks. We recognize the critical importance of maintaining the trust and confidence of our investors, employees, customers and vendors. Our cybersecurity policies and processes are integrated into the Company's enterprise risk management program. We have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes include mechanisms, controls, and certain technologies designed to prevent or mitigate system intrusion or data loss, theft, misuse, or other security incidents or vulnerabilities and maintain a stable and secure information technology environment. For example, we conduct ongoing monitoring of critical systems for any compromised or potentially compromised accounts. We conduct regular trainings on cyber and information security, along with phishing simulations, among other topics. In addition, we consult with an outside information technology consultant on a regular basis to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk environment.
Governance
Our Board of Directors oversees our risk management process. The Audit Committee, by way of Board delegation, retains oversight of the Company’s cybersecurity risks. The senior leadership team, including our Chief Financial Officer and Chief Executive Officer, provides periodic reports to our Board, as applicable. Our Vice President of Technology is responsible for leading the assessment and management of cybersecurity threats and periodically updating the Audit Committee as needed.
To date, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition.