Cybersecurity Risk Management and Strategy

iSpecimen maintains an Information Security Management Program (“ISMP”) with a primary goal to reduce risks to iSpecimen by protecting and supporting the confidentiality, availability, and integrity of information assets including personally identifiable information. Our cross-functional Risk Management Committee, with direction and support from our Board including the Audit Committee, works to identify, assess, and manage material risks including those from cybersecurity threats. iSpecimen invests in administrative, technical, and physical safeguards, including support from external solution providers and auditors, to maintain information security protections of our data and to safeguard customers, suppliers, employees, and business partners.

Cybersecurity Governance

The Risk Management Committee meets on an annual basis to review the currently identified risks to the business and how they are being managed, identify and assess any new material risks, and recommend any changes to our risk management positions. The Risk Management Committee includes the Chief Executive Officer, and other members of our senior leadership team. The risks considered include those associated with the use of third-party service providers. For an expanded view of the risks regarding a cybersecurity incident, please see “If our security measures are breached, or if our services are subject to attacks that degrade or deny the ability of users to access our platforms, our platforms and applications may be perceived as not being secure, customers and suppliers may curtail or stop using our services, and we may incur significant legal and financial exposure” under the “Risk Factors” section of this Annual Report.