Serve Robotics Inc. /DE/ 10-K Cybersecurity GRC - 2025-03-06

Page last updated on March 6, 2025

Serve Robotics Inc. /DE/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-06 16:09:58 EST.

Filings

10-K filed on 2025-03-06

Serve Robotics Inc. /DE/ filed a 10-K at 2025-03-06 16:09:58 EST
Accession Number: 0001832483-25-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to robots, employees or customers; violation of privacy or security laws and other litigation, legal and reputational risks. We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage such material risks. As part of these processes, and to ensure confidentiality, integrity and availability of critical data and systems, we have implemented various technologies that aid in the prevention, detection, investigation, response and remediation of vulnerabilities, cybersecurity incidents and risks. These technologies and processes include, but are not limited to, mobile device management, virtual private network security services, attack surface management services, cloud threat detection and response systems, cloud security posture management solutions, cloud-native security scanners and source code analysis tooling, continuous compliance monitoring and security awareness training solutions. Evaluation and mitigation of Third-party risks are included within our broader overall risk assessment process. We perform diligence on third parties that have access to our systems, data or facilities that house such systems or data, and where necessary, we require those third parties that could introduce significant cybersecurity risk to us to agree by contract to manage their cybersecurity risks in specified ways, and to agree to be subject to cybersecurity audits, which we conduct as appropriate. Please see the risk factor entitled “We are subject to cybersecurity risks to our operational systems, security systems, infrastructure, integrated software in our products and data processed by us or third-party vendors..” in Part I, Item 1A. Risk Factors in this report for more information. The security and infrastructure teams are responsible for the continuous monitoring, reporting and response to threats and vulnerabilities discovered through the deployment and operation of these tools. As part of our risk management strategy, our cybersecurity team conducts routine vulnerability and risk assessments within our product operations and service environments. The results of these reviews and any incidents identified by security tooling are reported to senior management and the internal steering committee as part of the quarterly reporting process. As part of routine security assessments, if any deficiencies relating to internal technology controls over financial reporting are discovered, the VP of Security is required to report them directly to the executive management team and internal steering committee without delay. In the last three fiscal years, we are not aware of and have not experienced any material cybersecurity incidents and the expenses we have incurred from cybersecurity incidents were immaterial. We have not been faced with any penalties or settlements related to cybersecurity. Cybersecurity Governance Our internal steering committee and board of directors oversees our risk management strategies and processes, regarding risk assessment and risk management as they relate to cybersecurity. Our security team is led by our VP of Security who has over 15 years of direct cybersecurity experience that includes incident response, security operations and management. The security and infrastructure teams are responsible for implementing and maintaining cybersecurity and data protection controls and practices for the protection of our robots, customer and company information, systems and data. The VP of Security in coordination with our internal steering committee, whose members include professionals from our executive team, general counsel, product and technology and finance teams, meet quarterly to review our Cybersecurity risk exposure, discuss internal and external threat actors and prioritize remediation strategies. The internal steering committee makes decisions on the avoidance, transference, acceptance and mitigation of our overall cybersecurity risk exposure. Our steering committee, typically in joint session with the full board of directors , meets quarterly with Serve executive leadership to receive reports regarding our overall security posture. These reports include updates on the implementation of cybersecurity controls, data security, risk assessments, the status of internal cybersecurity projects, technology compliance, employee awareness training and any notable incidents and remediation that have occurred within the quarter.

Company Information