EnLink Midstream, LLC 10-K Cybersecurity GRC - 2024-02-21

Page last updated on April 11, 2024

EnLink Midstream, LLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-21 16:01:54 EST.

Filings

10-K filed on 2024-02-21

EnLink Midstream, LLC filed an 10-K at 2024-02-21 16:01:54 EST
Accession Number: 0001592000-24-000004

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We maintain a robust cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program is integrated within the Company s enterprise risk management system and is designed to addresses the corporate information technology environment in which we operate. The underlying controls of the cyber risk 59 Table of Contents management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology Cybersecurity Framework ( NIST CSF ). We utilize a third-party cybersecurity operations center to provide 24/7 monitoring of our cybersecurity environment and to coordinate the investigation and remediation of alerts. A program for assisting with incident response is in place to prepare support teams in the event of a significant incident. We also have an annual assessment, performed by a third-party, of our cyber risk management program against the NIST CSF. Cyber partners are a key part of EnLink s cybersecurity infrastructure. We partner with leading cybersecurity companies and organizations, leveraging third party technology and expertise. EnLink engages with these partners to monitor and maintain the performance and effectiveness of EnLink s technology environment. EnLink s Director of Information Systems reports to EnLink s Chief Information Officer and is the head of the Company s cybersecurity team. The Chief Information Officer is responsible for assessing and managing EnLink s cyber risk management program, informing senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervising such efforts, including overseeing and identifying risks from cybersecurity threats associated with the use of third party cyber security partners. The Chief Information Officer also has a regular quarterly meeting with EnLink s executive team to review cybersecurity matters and the status of EnLink s cyber risk management program in detail. The cybersecurity team has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by EnLink. Our Audit Committee oversees EnLink s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee on the status and the effectiveness of EnLink s cyber risk management program on a quarterly basis and the Board is also updated on cybersecurity issues on a regular basis. EnLink faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. We have not been subject to cybersecurity incidents that have materially impaired our operations or had a material adverse effect on EnLink s business, financial condition or results of operations. For additional discussion of our cybersecurity risks, see Risk Factors Business and Industry Risks A failure in our computer systems or a terrorist or cyberattack on us, or third parties with whom we have a relationship, may adversely affect our ability to operate our business.

Company Information