Progyny, Inc. 10-K Cybersecurity GRC - 2025-03-03

Page last updated on March 3, 2025

Progyny, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-03 09:23:19 EST.

Filings

10-K filed on 2025-03-03

Progyny, Inc. filed a 10-K at 2025-03-03 09:23:19 EST
Accession Number: 0001551306-25-000040

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY At Progyny, cybersecurity risk management is an integral part of our broader risk management system and processes. Our cybersecurity risk management program incorporates industry-standard frameworks, policies and practices designed to protect the security of our technology infrastructure and sensitive information. Our cybersecurity risk management program provides a framework for handling cybersecurity threats and incidents, including receiving notification of threats and incidents associated with the use of services provided by business associates. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat, including whether the cybersecurity threat is associated with a third-party service provider, and implementing cybersecurity countermeasures and mitigation strategies. In addition, it provides steps for our cybersecurity team to report to management and our Board of Directors on information security and cybersecurity matters, including material cybersecurity threats and incidents. We have established and test our disaster recovery plan, and we protect against business interruption by backing up our major systems. Our cybersecurity team engages third-party security experts for risk assessments and system enhancements, including a third-party security consultant that conducts regular network security reviews, scans and audits. In addition, we have implemented various preventive measures, such as protections designed to safeguard against cyberattacks, including employee training, multifactor authentication, firewalls and virus detection software, periodic scans of our environment for any vulnerabilities and penetration testing. Our Board of Directors has overall oversight responsibility for our risk management and has delegated cybersecurity risk management oversight to the Audit Committee. T he Audit Committee is responsible for ensuring that management has processes in place that are designed to identify and evaluate cybersecurity risks to which we are exposed and has implemented processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The Audit Committee reports material cybersecurity risks to our full Board of Directors. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, implementing appropriate mitigation measures and maintaining our cybersecurity program . Our cybersecurity program is overseen by our Chief Information Security Officer, who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our Chief Information Security Officer and cybersecurity team are experienced information systems security professionals and information security managers with many years of experience. Management, including our Chief Information Security Officer and cybersecurity team, regularly update the Audit Committee on our cybersecurity program, material cybersecurity risks and mitigation strategies and provide cybersecurity reports annually that cover, among other topics, third-party assessments of our cybersecurity program, developments in cybersecurity and updates to our cybersecurity program and mitigation strategies. In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see “Risk Factors-If our information technology systems, or those of the third parties with whom we do business, including our provider clinics, specialty pharmacies or other vendors, lag, fail or suffer cybersecurity breaches, we may experience a material disruption of our services or suffer a loss or inappropriate disclosure of confidential information, which could materially impact our business and results of operations” in this Annual Report on Form 10-K.


Company Information

NameProgyny, Inc.
CIK0001551306
SIC DescriptionServices-Misc Health & Allied Services, NEC
TickerPGNY - Nasdaq
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30