Septerna, Inc. 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 27, 2025

Septerna, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 08:25:34 EDT.

Filings

10-K filed on 2025-03-27

Septerna, Inc. filed a 10-K at 2025-03-27 08:25:34 EDT
Accession Number: 0000950170-25-045745

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have implemented a cybersecurity risk management program in accordance with our risk profile and business size that is informed by recognized industry standards, including elements of the National Institute of Standards and Technology Cybersecurity Framework and International Organization for Standardization 27001 Framework. Our cybersecurity risk management program is comprised of a number of components, including but not limited to written information security policies, external cybersecurity risk assessments, and system monitoring. We also have an employee privacy and data security training awareness program that includes cybersecurity risk awareness trainings and phishing campaigns. We maintain an incident response plan to help guide our response to cybersecurity incidents. We leverage the cybersecurity services of third-party vendors, including a third-party managed services provider and IT consultants, to support our cybersecurity risk management program and assist us in conducting external cybersecurity risk assessments. As part of our cybersecurity risk management program, we take a risk-based approach to the evaluation of third-party vendors. As part of our vendor diligence process we require vendors with access to our information technology systems and infrastructure to complete information security program questionnaires. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, like other companies in our industry, we and our third-party vendors have from time to time experienced threats relating to our and our third-party vendors’ information systems and infrastructure. For more information, please see “Item 1A, Risk Factors.” Governance Related to Cybersecurity Risks Our board of directors has delegated cybersecurity risk management to our Audit Committee as part of the Audit Committee’s general risk oversight function. The Audit Committee, through the oversight of the General Administrative Leadership team, is responsible for overseeing the Company’s cybersecurity risk management processes, including oversight of mitigation of risks from cybersecurity threats. Our cybersecurity risk assessment and management processes are implemented and maintained by our General Administrative Leadership team, which consists of our CEO, CFO, COO, CPO, Vice President of Finance and Business, Vice President of Technology and our Head of Information Technology (“IT”), and is responsible for the strategic leadership of our cybersecurity risk management program. Our Head of IT, who also serves as our Information Security Officer, is responsible for the day-to-day management of our cybersecurity risk management program. The individual who is currently in this role has over thirty years of experience in information technology and cybersecurity risk management. Our Head of IT relies on both internal and external cybersecurity resources to manage and remain appraised of overall cybersecurity risks to our business and our industry. The General Administrative Leadership team provides regular briefings regarding cybersecurity risk and related matters to our Audit Committee. Such briefings may include a discussion of cybersecurity risks and applicable risk assessments, key updates regarding our cyber strategy and related initiatives, and the emerging cybersecurity threats that may impact our business. We also provided the full board of directors with updates on matters relating to cybersecurity risk management, as necessary. 100

Company Information