TELEPHONE & DATA SYSTEMS INC /DE/ 10-K Cybersecurity GRC - 2024-02-16

Page last updated on April 11, 2024

TELEPHONE & DATA SYSTEMS INC /DE/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-16 07:54:25 EST.

Filings

10-K filed on 2024-02-16

TELEPHONE & DATA SYSTEMS INC /DE/ filed an 10-K at 2024-02-16 07:54:25 EST
Accession Number: 0001051512-24-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity of this Form 10-K for additional information. 26) Disruption in credit or other financial markets, a deterioration of U.S. or global economic conditions or other events could, among other things, impede TDS access to or increase the cost of financing its operating and investment activities and/or result in reduced revenues and lower operating income and cash flows, which would have an adverse effect on TDS business, financial condition or results of operations. Disruptions in the credit and financial markets, declines in consumer confidence, increases in unemployment, declines in economic growth, increased tariffs on import goods, sudden increases in inflation and uncertainty about corporate earnings could have a significant negative impact on the U.S. and global financial and credit markets and the overall economy. Such events could have an adverse impact on financial institutions resulting in limited access to capital and credit for many companies. Furthermore, economic uncertainties make it very difficult to accurately forecast and plan future business activities. Changes in economic conditions, changes in financial markets, changes in U.S. trade policies, deterioration in the capital markets or other factors could have an adverse effect on TDS business, financial condition, revenues, results of operations and cash flows. 27) The impact of public health emergencies on TDS’ business is uncertain, but depending on duration and severity could have a material adverse effect on TDS’ business, financial condition or results of operations. Public health emergencies pose the risk that TDS or its associates, agents, partners and suppliers may be unable to conduct business activities for an extended period of time and/or provide the level of service expected. TDS’ ability to attract customers, maintain an adequate supply chain and execute on its business strategies and initiatives could be negatively impacted by public health emergencies. Additionally, public health emergencies could cause increased unemployment and an economic downturn, both of which could negatively impact TDS. The extent of the impact of public health emergencies on TDS’ business, financial condition and results of operations will depend on the severity and duration of the emergency, actions taken by governmental authorities and other possible direct and indirect consequences, all of which are uncertain and cannot be predicted . 20 Table of Contents Item 1B. Unresolved Staff Comments None. Item 1C. Cybersecurity The TDS information security program aligns with the National Institute of Standards and Technology (NIST) cybersecurity framework. Risk assessments are conducted periodically leveraging this standard and are integrated into the TDS Enterprise Risk Management (ERM) program. The assessment results are used to drive continuous improvement in the TDS cybersecurity control environment, as well as to manage potential data security risks of third-party service providers. TDS assesses the threat and vulnerability landscape using various commercial, government, vendor and publicly available information sources and tools. TDS manages these evolving risks through ongoing investments in the security program including active monitoring of the internal data environment and the environments of third-party service providers who manage sensitive data. In addition, TDS Information Technology leaders conduct regular cyber incident simulations to ensure preparedness in the event of a cyber-attack. TDS leverages external parties to perform independent assessments and tests of security controls in the environment. TDS Information Technology Security leaders are responsible for assessing and managing cybersecurity risks. Management has a depth of cybersecurity experience focused on increasing the organization’s resilience to security threats and stays current on new developments through continuing education and monitoring of the cybersecurity landscape. The TDS environment is monitored for potential security threats and security events are investigated and acted on to minimize potential risk to the environment. The full Board of Directors engages in oversight of TDS’ cybersecurity risks. The Board of Directors receives regular updates from management on technology and security updates and TDS assessment of cybersecurity threats and mitigation plans. The TDS Audit Committee oversees the processes over internal controls and financial reporting that includes controls and procedures that are designed to ensure that significant cybersecurity incidents are communicated to both senior management and the Audit Committee. Cybersecurity is also discussed with the Technology Advisory Group of the Board of Directors as warranted, at least on an annual basis.
Item 1C. Cybersecurity The TDS information security program aligns with the National Institute of Standards and Technology (NIST) cybersecurity framework. Risk assessments are conducted periodically leveraging this standard and are integrated into the TDS Enterprise Risk Management (ERM) program. The assessment results are used to drive continuous improvement in the TDS cybersecurity control environment, as well as to manage potential data security risks of third-party service providers. TDS assesses the threat and vulnerability landscape using various commercial, government, vendor and publicly available information sources and tools. TDS manages these evolving risks through ongoing investments in the security program including active monitoring of the internal data environment and the environments of third-party service providers who manage sensitive data. In addition, TDS Information Technology leaders conduct regular cyber incident simulations to ensure preparedness in the event of a cyber-attack. TDS leverages external parties to perform independent assessments and tests of security controls in the environment. TDS Information Technology Security leaders are responsible for assessing and managing cybersecurity risks. Management has a depth of cybersecurity experience focused on increasing the organization’s resilience to security threats and stays current on new developments through continuing education and monitoring of the cybersecurity landscape. The TDS environment is monitored for potential security threats and security events are investigated and acted on to minimize potential risk to the environment. The full Board of Directors engages in oversight of TDS’ cybersecurity risks. The Board of Directors receives regular updates from management on technology and security updates and TDS assessment of cybersecurity threats and mitigation plans. The TDS Audit Committee oversees the processes over internal controls and financial reporting that includes controls and procedures that are designed to ensure that significant cybersecurity incidents are communicated to both senior management and the Audit Committee. Cybersecurity is also discussed with the Technology Advisory Group of the Board of Directors as warranted, at least on an annual basis.

Company Information