MARTIN MIDSTREAM PARTNERS L.P. 10-K Cybersecurity GRC - 2024-02-21

Page last updated on April 11, 2024

MARTIN MIDSTREAM PARTNERS L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-21 16:23:57 EST.

Filings

10-K filed on 2024-02-21

MARTIN MIDSTREAM PARTNERS L.P. filed an 10-K at 2024-02-21 16:23:57 EST
Accession Number: 0001176334-24-000040

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C Cybersecurity Cybersecurity Risk Management and Strategy The Partnership recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Managing Material Risks & Integrated Overall Risk Management The Partnership has strategically integrated cybersecurity risk management into our broader risk management framework to promote an entity-wide culture of cybersecurity risk management. Our information technology department works closely with our internal audit, risk, and legal teams to continuously evaluate and address cybersecurity risks and ensure cybersecurity measures are in alignment with our business objectives and operational needs. Our cybersecurity measures are designed to identify, protect, detect, and respond to and manage reasonably foreseeable cybersecurity risks and threats. To protect our information systems from cybersecurity threats, we use multiple monitoring and detection tools to safeguard network and endpoint devices. We have implemented measures that proactively and continuously assess and monitor our information systems for vulnerabilities and cybersecurity exposure. Engage Third Parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity threats, the Partnership engages with a range of external experts, including cybersecurity consultants in evaluating and testing our risk management systems. Our collaboration with these third parties includes regular audits, network penetration testing, threat assessments, and consultation on security enhancements. We provide awareness training to our employees to help identify, avoid, and mitigate cybersecurity threats. Our employees with network access are required to complete annual security awareness training and quarterly spear phishing exercises. Oversee Third-Party Risk Because we are aware of the risks associated with third-party vendors, service providers and business partners, we have implemented stringent processes to oversee and manage these risks. We conduct thorough and annual security assessments of all third-party file transfer protocols, and we perform in-depth reviews of hosted applications including, but not limited to, confirmation of SOC 2, ISO 27001, or other relevant security certifications. Risks from Cybersecurity Threats We have not been subject to cybersecurity challenges that have materially impaired or are reasonably likely to materially impair our operations or financial standing. Governance The board of directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The board has established robust oversight mechanisms and is willing to cause the Partnership to expend significant resources to further enhance digital security or to remediate vulnerabilities to ensure effective governance in managing risks associated with cybersecurity threats. The Board recognizes the significance of these cybersecurity threats to our operational integrity and stakeholder confidence. Board of Directors Oversight The Partnership s board of directors has oversight of cybersecurity risks. Our board of directors is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. 43 Management s Role Managing Risk The Director of Internal Audit and the Chief Financial Officer ( CFO ) play a pivotal role in informing the board of directors on cybersecurity risks. They provide comprehensive briefings to the board of directors on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including: Current cybersecurity landscape and emerging threats; Status of ongoing cybersecurity initiatives and strategies; Incident reports and learnings from any cybersecurity events; and Compliance with regulatory requirements and industry standards. In addition to our scheduled meetings, the board of directors, Director of Internal Audit, Director of Information Technology and CFO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on significant developments in the cybersecurity domain, ensuring the Board s oversight is proactive and responsive. The board of directors actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into the broader strategic objectives of the Partnership. The board of directors conducts an annual review of the Partnership s cybersecurity posture and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework. Reporting to Board of Directors The Directors of Information Technology and Internal Audit regularly inform executive management of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing the Partnership. Furthermore, significant cybersecurity matters, and strategic risk management decisions are escalated to the board of directors, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues. Monitor Cybersecurity Incidents The Director of Information Technology is continually informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. The Director of Information Technology implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the Partnership’s information technology team is equipped with an incident response plan. This plan includes immediate actions to mitigate and contain the impact and strategies for remediation and prevention of future incidents.

Company Information