Mister Car Wash, Inc. 10-K Cybersecurity GRC - 2024-02-23

Page last updated on April 11, 2024

Mister Car Wash, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 06:32:44 EST.

Filings

10-K filed on 2024-02-23

Mister Car Wash, Inc. filed an 10-K at 2024-02-23 06:32:44 EST
Accession Number: 0000950170-24-019105

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy As a component of our overall risk management system and processes, we have a risk-based cybersecurity program, dedicated to protecting our data as well as data belonging to consumers (including UWC Members), employees and suppliers. We devote significant resources and utilize a defensive in-depth strategy, with multiple layers of security controls to protect the security of our computer systems, software, networks, and other technology assets. Our security efforts are designed to preserve the confidentiality, integrity, and continued availability of all information we own, or is in our care, and protect against, among other things, cybersecurity attacks by unauthorized parties attempting to obtain access to confidential information, destroy data, disrupt or degrade service, sabotage systems, or cause other damage. These processes include technical, administrative and physical controls and processes, as well as contractual mechanisms to mitigate risk. We also have policies and procedures to oversee and identify the cybersecurity risks associated with our use of third-party service providers, including the regular review of SOC reports, relevant cyber attestations, and other independent cyber ratings. Through a combination of governance, risk, and compliance (GRC) resources, we proactively monitor IT controls to ensure compliance with legal and regulatory requirements, perform third-party risk management assessments, implement processes designed to ensure essential business functions remain available during business disruptions, develop and update incident response plans to address potential weaknesses, and maintain cyber incident management and reporting procedures. Our systems are periodically the target of directed attacks intended to lead to interruptions and delays in our service and operations as well as loss, misuse or theft of personal information (of third parties, employees, and our customers) and other data, confidential information or intellectual property. However, to date, we are not aware of any incident or cybersecurity risks having a material impact on our business, results of operations or financial condition. Board Oversight and Governance Our Board recognizes the important role of information security and mitigating cybersecurity and other data security threats. While the full Board has overall responsibility for risk oversight, it is supported in this function primarily by its committees. The Audit Committee is responsible for reviewing and discussing our policies with respect to risk assessment and risk management, including risks related to cybersecurity and other technology issues. The Board periodically evaluates our cybersecurity strategy to help ensure its effectiveness. Management provides periodic reports to the Audit Committee regarding cybersecurity and other information technology risks, as well as our plans to mitigate cybersecurity risks and to respond to any breaches. 19

Company Information