Targa Resources Corp. 10-K Cybersecurity GRC - 2024-02-15

Page last updated on April 11, 2024

Targa Resources Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-15 16:01:08 EST.

Filings

10-K filed on 2024-02-15

Targa Resources Corp. filed an 10-K at 2024-02-15 16:01:08 EST
Accession Number: 0000950170-24-015841

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity . Description of Processes for Assessing, Identifying, and Managing Cybersecurity Risks Cybersecurity risk is an area of focus for Targa, particularly as our operations become increasingly dependent on digital technologies. Across the world, cybersecurity incidents are occurring more frequently, use increasingly sophisticated methods and could pose serious risks to the Company s data integrity, reputation, operations and revenue. The Company has a cybersecurity program, which uses technology and processes to help mitigate cybersecurity risks, with our Security Operations team working to monitor, assess, identify, and respond to potential cybersecurity incidents that threaten the Company. The program also focuses on security awareness and training for employees and contractors with access to Company facilities or systems. We utilize the National Institute of Standards and Technology Cybersecurity Framework as well as supplemental guidance for information and operational technologies to assess current risks against deployed current countermeasures. We seek to follow federal and state statutory and regulatory guidance and have adopted internal policies and standards that we believe are in alignment with these requirements. Our cybersecurity program covers Targa s general corporate information and operational technology systems, which support our various lines of business. Our cybersecurity program also follows defense in depth principles, which aim to implement various layered access control, detection, prevention, and response measures. Targa has formal disaster recovery and business continuity plans, as well as a Cyber Incident Response Plan, which is periodically tested using tabletop exercises. We regularly engage with independent third parties to assess our vulnerabilities and help us mitigate cybersecurity-related risks. Targa s security posture is also tested by internal Targa personnel and independent third parties to gauge its effectiveness. Our cybersecurity program includes a formally documented process for oversight of cybersecurity risks associated with our third-party service providers. This process begins prior to engagement. Third-party service providers are evaluated using independent assessment tools to gauge their security posture. The above cybersecurity risk management processes are integrated into our overall risk management program. While we seek to continually evaluate cybersecurity risks based upon emerging threats as a part of the Company s risk management processes, overall cybersecurity risks to the Company are also evaluated annually by independent consultants and learnings are incorporated into the overall Company risk matrices. Our Code of Conduct communicates our expectation that employees and contractors will maintain the security of our information technology systems. All employees are presented with Code of Conduct training annually. Each employee s and contractor s ability to recognize and report cyber threats is an important component of our cybersecurity program. As a result, security awareness and training are provided to employees and contractors with access to our facilities or systems. We focus on increasing employee awareness of phishing attempts and train employees to be aware of cyber risks. We recognize that cybersecurity risks continue to emerge and evolve. Assessment and enhancement of our security posture in predicting and responding to the changing threat landscape are core goals of our cybersecurity program. Targa maintains relationships with various cybersecurity industry subject matter experts, governmental agencies, law enforcement research and benchmarking organizations, and industry peers as part of our effort to improve our program based on threat information and available countermeasures. We continue to make investments in new technologies to protect our facilities, users, and stakeholders, and to protect the personally identifiable information we maintain. 51 Board of Directors Oversight of Risks from Cybersecurity Risks Cybersecurity risks are overseen at the board level through the Audit Committee. As part of this oversight, the Audit Committee, with several key members of management, meets quarterly to discuss ongoing initiatives and seek to ensure coordination between enterprise stakeholders. At these meetings, our Vice President of Security Operations and Senior Vice President of Technology, who oversee the Company s cybersecurity program, review with our Audit Committee current and emerging cybersecurity-related threats as well as key performance indicators for cybersecurity process maturity, operational performance, and enterprise performance in countering these threats. Our Vice President of Security Operations and Senior Vice President of Technology also annually review our Company’s cybersecurity program with our full board. Based on the information provided through these various processes, our board evaluates the risks facing us and provides guidance as to the appropriate risk management strategy. Management s Role in Assessing and Managing Cybersecurity Risks The Vice President of Security Operations and Senior Vice President of Technology are primarily responsible for assessing and managing Targa s material risks from cybersecurity threats, and work to monitor the effectiveness of our cybersecurity detection and response processes in countering current threats and to provide updates to our executive team. Our Vice President of Security Operations has more than 25 years of experience working in the field of cybersecurity, including numerous years directing enterprise-level cybersecurity programs. No Previous Material Cybersecurity Threats As of the date of this report, though the Company and our service providers have experienced certain cybersecurity incidents, we are not aware of any previous cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company. However, we acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite the security and risk management measures that we have implemented and any additional measures we may implement or adopt in the future, our facilities and systems, and those of our third-party service providers, have been and are vulnerable to security breaches, computer viruses, lost or misplaced data, programming errors, scams, burglary, human errors, acts of vandalism, misdirected wire transfers, or other malicious or criminal activities. A successful attack on our information or operational technology systems could have material consequences to the Company. While we devote resources to our security measures to protect our systems and information, these measures cannot provide absolute security. See Item 1A. Risk Factors for additional information about the risks to our business associated with a breach or compromise to our information technology systems.

Company Information