Core Laboratories Inc. /DE/ 10-K Cybersecurity GRC - 2024-02-14

Page last updated on April 11, 2024

Core Laboratories Inc. /DE/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-14 19:08:23 EST.

Filings

10-K filed on 2024-02-14

Core Laboratories Inc. /DE/ filed an 10-K at 2024-02-14 19:08:23 EST
Accession Number: 0000950170-24-015483

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBER SECURITY The Company maintains information systems which contain personal data, financial reports and proprietary data. As a result, we are exposed to cybersecurity threats which could result in loss of or damage to our intellectual property, proprietary information, client data and reputation, or interruption of our business operations, or additional costs to prevent, respond to, or mitigate cyber-attacks. Our Board of Directors is responsible for oversight of the risks that the Company faces, including cybersecurity threats. Our operating divisions and management teams help identify risks that are relevant to the Company during our periodic business planning and review cycle and rank these risks in relation to the achievement of business objectives. We understand cybersecurity threats to be dynamic and to intersect with various other enterprise risks within the organization. We have therefore integrated cybersecurity risk into our overall risk management program. As a result, in addition to our information technology policies and procedures, we have implemented cybersecurity processes that aim to address, among other things, information security, password security, third party vetting, security incident response and vulnerability management. Our cybersecurity procedures include requiring multiple authentication factors prior to granting access to our assets, launching endpoint security software to guard against malware, viruses, and other cyber-attacks, use of third-party software to automate IT system monitoring for unusual or suspicious activity, conducting annual cybersecurity training for all employees, and providing cybersecurity information to employees through newsletters and fliers. We utilize third-party consultants to assist us with endpoint detection and response and routinely conduct penetration testing of our network infrastructure. Our consultants also provide digital forensics analysis of our systems, as needed. Additionally, we have sought to align our cybersecurity risk management in accordance with the National Institute of Standards and Technology Cybersecurity Framework. We recognize that third-party service providers may introduce cybersecurity risks. In an effort to mitigate these risks, we assess third party cybersecurity controls through a cybersecurity questionnaire and include security and privacy addendums to our contracts where applicable. We have established a permanent management position of Director of Cybersecurity and IT Governance that reports directly to the Chief Financial Officer. Our current Director of Cybersecurity and IT Governance, has an undergraduate degree in computer science and is a Certified Information Systems Security Professional. He possesses over 20 years of IT experience with more than 10 years in managerial positions and has been actively involved in IT security related projects, initiatives, audits and associated program management in the last seven years. As part of our cybersecurity incident response plan, we have established a dedicated incident response team to assess and manage risks arising from cybersecurity threats, consisting of our Director of Cybersecurity and IT Governance and various members of senior management, including our Chief Financial Officer and General Counsel. The Company also maintains an IT Steering Committee as part of its control environment, which meets regularly to address matters pertaining to the Company s information technology systems. The IT Steering Committee is led by the Company s three IT directors, one of which is the Director of Cybersecurity and IT Governance, and is represented by leaders from corporate departments and operations. In each meeting, the Director of Cybersecurity and IT Governance provides an overview of cybersecurity matters, including status update on threat reduction initiatives undertaken by the Company and future initiatives under consideration. 20 The Audit Committee is responsible for overseeing our cybersecurity threat risks and receives updates during its quarterly meetings from our Director of Cybersecurity and IT Governance. At each meeting, the Audit Committee is briefed on matters pertaining to our exposure to material privacy and cybersecurity risks, as well as risks that are deemed to have a moderate or higher business impact, even if immaterial. The Director of Cybersecurity and IT Governance also routinely briefs senior management on such matters as they arise. In addition, we have established a Data Privacy Committee coordinated by our Data Privacy Officer and represented by seven other committee members from various corporate functional departments. The objective of the Committee is to ensure that personal data is protected and handled in accordance with applicable law and Core Lab policies. As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity incident or cybersecurity threat that has materially affected, or is reasonably likely to materially affect, our business strategy, results of operations or financial condition. However, we understand that cybersecurity threats are continually evolving, and the possibility of future discovery of cybersecurity incidents remains. Please see Item 1A. Risk Factors for additional information about cybersecurity risks.

Company Information