Page last updated on July 28, 2025
SERA PROGNOSTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-19 16:16:17 EDT.
Filings
10-K filed on 2025-03-19
SERA PROGNOSTICS, INC. filed a 10-K at 2025-03-19 16:16:17 EDT
Accession Number: 0000950170-25-042017
Item 1C. Cybersecurity.
Cybersecurity
We recognize the critical importance of maintaining the trust and confidence of stakeholders toward our business and are committed to protecting the confidentiality, integrity, and availability of our business operations and systems. Our board of directors is actively involved in oversight of our risk management activities, and cybersecurity represents an important element of our overall approach to risk management. Our cybersecurity policies, standards, processes, and practices are based on recognized frameworks established by the National Institute of Standards and Technology (NIST) and other applicable industry standards. We seek to address cybersecurity risks through a comprehensive approach focused on preserving confidentiality, security, and availability of information, by monitoring, identifying, preventing, and mitigating threats and effectively responding to incidents.
Cybersecurity Risk Management and Strategy; Effect of Risk
We face risks related to unauthorized access, cybersecurity attacks, loss of data, and misappropriation of confidential information. To assess and manage these risks, we maintain a comprehensive cybersecurity program with regular monitoring and oversight. The program includes:
- Real-time third-party risk assessments and mitigation
- Data loss prevention and air-gapped backups
- Continuous monitoring and threat response
- Next-generation firewalls and security information/event management (SIEM)
We compare our practices against NIST standards and undertake:
- Monitoring of emerging best practices and legal compliance
- Annual HIPAA security/privacy risk assessments and audits
- Policies and contracts requiring care with confidential information
- Endpoint detection, incident response, and SIEM
- Mandatory employee and contractor training
- Regular phishing simulations
- Use of the NIST incident handling framework
- Cybersecurity risk insurance
- Documented incident response and recovery plans
We evaluate and monitor third-party cybersecurity safeguards through due diligence and oversight. Incidents and threats are addressed with a documented incident response plan that supports compliance and damage mitigation.
Material impacts from past cybersecurity threats or incidents, and their potential future effect on business operations, strategy, or financial condition, are discussed under the relevant risk factor in Item 1A.
Cybersecurity Governance; Management
Cybersecurity oversight is provided by our board of directors, specifically the audit committee. At least annually, the audit committee receives updates on:
- Data security
- Third-party assessment results
- The incident response plan
- Material threats and incidents
These updates include a cybersecurity scorecard and discussions of industry developments, peer benchmarks, and evolving risks. The audit committee interacts with our Chief Information Officer on these topics.
Our cybersecurity strategy and risk management are led by the CIO and the IT team. These individuals have extensive public-company experience in information security and program implementation. They monitor prevention, detection, mitigation, and remediation through the processes described above and report at least annually to the audit committee.
Company Information
Name | SERA PROGNOSTICS, INC. |
CIK | 0001534969 |
SIC Description | Services-Medical Laboratories |
Ticker | SERA - Nasdaq |
Category | Non-accelerated filer; Smaller reporting company; Emerging growth company |
Fiscal Year End | December 30 |