STURM RUGER & CO INC 10-K Cybersecurity GRC - 2024-02-21

Page last updated on April 11, 2024

STURM RUGER & CO INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-21 17:01:50 EST.

Filings

10-K filed on 2024-02-21

STURM RUGER & CO INC filed an 10-K at 2024-02-21 17:01:50 EST
Accession Number: 0001174947-24-000243

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C CYBERSECURITY Risk management and strategy The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into the Company s overall risk management systems, as overseen by the Company s Board of Directors, primarily through its Risk Oversight Committee. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. The Company conducts security assessments of certain third-party providers before engagement and has established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. The Company from time to time engages third-party consultants, legal advisors, and audit firms in evaluating and testing the Company s risk management systems and assessing and remediating certain potential cybersecurity incidents as appropriate. The Company has an Information Security Program ( Program ) to protect personal and proprietary information in compliance with applicable federal and state requirements. The Program is designed to: Ensure the security and confidentiality of employee and customer personal information and Company proprietary information; 17 Protect against anticipated threats or hazards to the security or integrity of such information; and Protect against unauthorized access to, use of, or transfer of such information in a manner that could harm or inconvenience the Company, employees or customers. For more information about these risks, see the risk factor titled The Company relies on its information and communications systems in its operations. Security breaches and other disruptions could adversely affect its business and results of operations under Item 1A. Governance The Company s Board of Directors has assigned oversight of cybersecurity risk management to the Risk Oversight Committee. The Risk Oversight Committee regularly receives reports from management, including senior information technology ( IT ) leadership, and third parties on cybersecurity matters. In addition, the Company s full Board of Directors receives reports addressing cybersecurity as part of the Company s overall enterprise risk management program and to the extent cybersecurity matters are addressed in regular business updates. Senior IT leaders are responsible for developing appropriate cybersecurity programs, including as may be required by applicable law or regulation. These individuals expertise in IT and cybersecurity generally has been gained from a combination of education, including relevant degrees and/or certifications, and work experience. They are informed by their respective cybersecurity teams about, and monitor, the prevention, detection, mitigation and remediation of cybersecurity incidents as part of the cybersecurity programs described above. Information regarding cybersecurity risks may be elevated by IT leadership through a variety of channels, including discussions between or among key leaders and Company management and reports to the Company s Board of Directors and/or certain Board committees. As noted above, the Risk Oversight Committee regularly receives reports on cybersecurity matters from senior IT leadership.

Company Information