NEWPARK RESOURCES INC 10-K Cybersecurity GRC - 2024-02-23

Page last updated on April 11, 2024

NEWPARK RESOURCES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 12:10:59 EST.

Filings

10-K filed on 2024-02-23

NEWPARK RESOURCES INC filed an 10-K at 2024-02-23 12:10:59 EST
Accession Number: 0000071829-24-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity We believe that cybersecurity is a critical component of our enterprise risk management process, and as such, we have implemented a cybersecurity program to assess, identify, and manage risks from cybersecurity threats that may result in adverse effects on the confidentiality, integrity, and availability of our information systems. Our Board of Directors oversees management s enterprise risk management process, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Senior leadership, including our Chief Information Officer (CIO), regularly briefs the Board of Directors on our cybersecurity and information security, and we have processes by which certain cybersecurity incidents are escalated to the Board of Directors. Our CIO, who reports to our Senior VP & Chief Financial Officer, oversees our cybersecurity function. The Cybersecurity Manager reports to the CIO, and the CIO and Cybersecurity Manager are responsible for assessing and managing risks from cybersecurity threats, as well as our overall information security strategy, policy, security engineering, operations, and cybersecurity threat detection and response, and reporting on cybersecurity matters to the Board and executive management. Our CIO has a Master of Science in Information Systems and has served in various roles in information technology for over 25 years. Our Cybersecurity Manager has served in various roles in information technology and information security for over 25 years, with 10 of those years as the leader responsible for enterprise cybersecurity, including serving as the Information Security Officer at another larger publicly traded company. Our CIO receives reports on cybersecurity threats from experienced information security personnel and third-party consultants and resources, and regularly reviews risk management measures implemented by the Company to identify and 19 mitigate data protection and cybersecurity risks. Our processes and systems include automated tools and technical safeguards managed and monitored by our cybersecurity team. Additionally, we have a set of Company-wide policies and procedures regarding cybersecurity matters, which include an Information Security best practices intranet site, as well as other policies that directly or indirectly relate to cybersecurity, such as policies related to email usage, remote network access, internet usage, passphrase usage, information technology acceptable use, data governance and privacy, and information security. These policies go through an internal review process and are approved by appropriate members of management. We periodically conduct penetration and vulnerability testing, data recovery testing, and security audits. We also conduct regular employee training on cybersecurity. With respect to our incident response, we have adopted a plan that applies in the event of a cybersecurity threat or incident to provide a framework for responding to such threats and incidents. Our plan sets out a coordinated approach to investigating, containing, documenting, and mitigating incidents, including reporting findings and keeping senior management and other key stakeholders informed and involved as appropriate. We also employ processes designed to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers. Risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected us, including our business strategy, results of operations, or financial condition, but we face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to have such an affect.

Company Information