Page last updated on February 14, 2025
Astera Labs, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-13 19:46:00 EST.
Filings
10-K filed on 2025-02-13
Astera Labs, Inc. filed a 10-K at 2025-02-13 19:46:00 EST
Accession Number: 0001736297-25-000003
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk Management and Strategy We have established policies and processes designed to identify, assess, and mitigate cybersecurity risks. These policies and processes are intended to protect the confidentiality, integrity, and availability of our critical information systems and our critical data, including intellectual property and confidential information that is proprietary, strategic, or competitive in nature. They include the deployment of third-party security solutions and tools designed to monitor, identify, and address cybersecurity risks, as well as the development of an incident response plan informed by the National Institute of Standards and Technology (“NIST”) framework that is designed to identify and manage significant events that may impact our information technology infrastructure, including those arising from or related to cybersecurity threats. As part of our cybersecurity risk management, we conduct periodic risk assessments designed to identify reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls, and other safeguards in place to manage such risks. We also maintain risk-based processes to assess and review the cybersecurity practices of certain of our third-party vendors and services providers prior to onboarding, including through review of System and Organization (SOC) reports provided by potential vendors and the inclusion of security requirements in contracts, as appropriate. Employees are required to complete annual cybersecurity awareness training designed to raise awareness of cybersecurity threats. While we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. For more information about the risks from cybersecurity threats, see the risk factors entitled " Cybersecurity risks, including cyber-attacks, data breaches, and system vulnerabilities could adversely affect our business and disrupt our operations " and " An impairment of the confidentiality, integrity, or availability of our IT systems, or those of one or more of our IT vendors could have a material adverse effect on our business ." Governance Our board of directors (“Board”) considers cybersecurity risk as part of its overall risk oversight function and has delegated to the Audit Committee of the Board (the “Audit Committee”) oversight of cybersecurity matters, cybersecurity risk management, disclosure obligations with respect to cybersecurity incidents, and compliance with SEC rules applicable to cybersecurity risk management. The Audit Committee receives quarterly reports from management on our cybersecurity risks. In addition, management will update the Audit Committee, as necessary, regarding any significant cybersecurity incidents. The Audit Committee regularly reports to the full Board regarding its activities, including those related to cybersecurity risk. Our Chief Information Security Officer (“CISO”) , in connection with our IT personnel, is responsible for day-to-day implementation, management and evaluation of our cybersecurity risk assessment and management processes. This team has primary responsibility for our overall cybersecurity risk management program, including monitoring the detection, prevention, mitigation, and remediation of cybersecurity incidents, and works in partnership with our other business leaders, including our Chief Financial Officer and General Counsel. Our CISO supervises both our internal cybersecurity personnel and any retained external cybersecurity consultants. Our CISO has served in various roles in information technology and information security for over 30 years. Our cybersecurity incident response process is designed to escalate significant cybersecurity incidents to a team of business leaders, including, but not limited to, our Chief Financial Officer and General Counsel. In the case of a cybersecurity incident, this team of business leaders will work with our incident response team to help determine the severity of the impact of a cybersecurity incident, as well as to help mitigate and remediate cybersecurity incidents of which they are notified. The incident response team will also work under the oversight of legal counsel and the Audit Committee to determine whether an incident is material for disclosure purposes under applicable law.
Company Information
| Name | Astera Labs, Inc. |
| CIK | 0001736297 |
| SIC Description | Semiconductors & Related Devices |
| Ticker | ALAB - Nasdaq |
| Website | |
| Category | Emerging growth company |
| Fiscal Year End | December 30 |