MATERION Corp 10-K Cybersecurity GRC - 2024-02-15

Page last updated on April 11, 2024

MATERION Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-15 16:10:33 EST.

Filings

10-K filed on 2024-02-15

MATERION Corp filed an 10-K at 2024-02-15 16:10:33 EST
Accession Number: 0001104657-24-000019

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Risk Management and Strategy We maintain a cybersecurity program designed to protect our company, company data, customer data and personal data within information systems used by the Company. In order to respond to potential cybersecurity threats, we maintain policies, 14 procedures and systems that provide for controls on detecting and addressing cybersecurity threats, including a formal incident response plan. We also maintain business continuity and disaster recovery capabilities, which we test regularly. We have a process designed to address cybersecurity threats at third parties, including service providers, that handle, possess, process and store our information. The oversight of our cybersecurity risk is integrated into our enterprise-wide risk management process. We have a dedicated global cybersecurity team that monitors potential cyber threats and leads our business continuity risk management. We have business continuity plans that identify our critical business systems, establish recovery objectives and create methods for implementing such plans within our business. Our business continuity plans encompass disaster recovery at our data centers such that business operations continue with no or minimal impact. Our business continuity plans will continue to evolve, with the goal of enabling us to operate and maintain our essential functions in the event of a crisis. In addition, we engage third-party assessors, consultants and other third parties from time to time to assist us with assessing, enhancing, implementing, and monitoring our cyber security risk-management programs. We review the results of the assessments and reviews of these third-parties and determined whether to adjust our cybersecurity policies and processes based on their recommendations. We detect frequent attempts by third parties to gain access to our systems and networks, and the frequency of such attempts could increase in the future. As of the date of the filing of this Form 10-K, we are not aware of and do not believe that any such attempts that have occurred since the beginning of 2023 that have had a material effect, or are reasonably likely to have a material effect, on our business, operations, or financial condition. However, there can be no assurance that our protection efforts will be successful. See Risks Relating to Our Business and Operations A security incident impacting customer, employee, supplier, or Company information, or Company systems or infrastructure, may have a material adverse effect on our business, financial condition, and results of operations. in Risk Factors on page 9 of this Form 10-K. Governance While our Board has the ultimate oversight responsibility for the risk management process, the responsibilities of the Audit and Risk Committee of our Board include overseeing cybersecurity. As part of its program of regular oversight, all members of the Audit and Risk Committee are responsible for overseeing cyber, information security, and information technology risk, including management s actions to identify, assess, mitigate, and remediate material cyber issues and risks. The Audit and Risk Committee receives at least quarterly reports from our Chief Information Officer on our information technology and cyber risk profile, enterprise cyber program, key enterprise cyber initiatives, and significant updates on external audits of our information security program. The full Board attends one of the Audit and Risk Committee meetings at which information technology and cyber risk are discussed. Additionally, at least annually, the full Board attends a cybersecurity training from external experts and reviews and discusses our technology strategy with the Chief Information Officer and approves our technology strategic plan. Our senior leadership is responsible for identifying, assessing and managing our exposure to risk, including cybersecurity risks. Our cybersecurity program is led by our Chief Information Officer, who is responsible for assessing and managing material risks from cybersecurity threats, including monitoring the prevention, detection, mitigation and remediation of cybersecurity threats. Our Chief Information Officer reports directly to our Chief Executive Officer. Pursuant to our formal incident response plan, suspected cybersecurity incidents are first evaluated by our Initial Incident Response Team led by our Chief Information Officer and comprised of representatives from our information technology, human resources, safety, legal, finance and communications departments, who jointly determine if the incident may result in a business interruption, require reporting to regulators, employees and/or business partners, have a material financial impact or cause reputational harm and should be escalated to our executive incident response team, which includes our Chief Executive Officer, Chief Financial Officer and General Counsel. For all matters that have been escalated, the responsible team executes specified procedures to contain the incident, implement incident response procedures and implement and document remediation measures. Steve Holt is our Chief Information Officer, a role he has had since he joined Materion in November 2017. Mr. Holt has 40 years of experience in the information technology industry. Prior to joining Materion, Mr. Holt served as Chief Information Officer at Chart Industries as well as other IT-focused positions at TechnOptics, Accuride Corporation and Navistar. 15

Company Information