Trinseo PLC 10-K Cybersecurity GRC - 2024-02-23

Page last updated on April 11, 2024

Trinseo PLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 12:54:10 EST.

Filings

10-K filed on 2024-02-23

Trinseo PLC filed an 10-K at 2024-02-23 12:54:10 EST
Accession Number: 0001558370-24-001604

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Trinseo s business and production operations rely on secure access, processing, storage, and transmission of company confidential and personal identifiable information within various technology platforms. The Company has processes in place to monitor, identify, assess and respond to material risks from cybersecurity threats. Cybersecurity is incorporated into the Company s enterprise risk management ( ERM ) program that is reviewed by the Board of Directors ( the Board ). Our Audit Committee has authority to oversee cybersecurity matters as part of its review of ERM. We maintain a cyber risk management program to identify, protect, detect, respond and recover from cyber threats and incidents. Our cybersecurity risk management and internal controls programs are aligned to ISO27001 Standards and the National Institute of Standards and Technology (NIST) framework. As part of our program management activities, we actively engage internal and prominent external experts, as well as industry participants, as part of our continuing efforts to evaluate and enhance the effectiveness of our cybersecurity policies and procedures. The Company has adopted a cybersecurity incident response plan (the Incident Response Plan ) which defines our approach for prompt detection, analysis and determination of materiality, prioritization and mitigation of cybersecurity incidents. The Incident Response Plan also includes criteria for escalation to cross-functional committees, including executive management, and notification to our Board, as appropriate. Management also periodically performs tabletop exercises to simulate actual cyber threats to strengthen our policies, standards and related governance processes in response to cyber events. In addition, our internal audit function performs periodic audits or other evaluations to assess our cybersecurity program and compliance with policies and procedures. Our cybersecurity program is managed by a dedicated Chief Information Security Officer ( CISO ). Our CISO has formal education in information technology and extensive cybersecurity program management experience with over three decades of diverse experience in the chemicals and manufacturing industries and maintains various information security certifications. Our CISO is accountable for the enterprise-wide cybersecurity strategy for both information technology (IT) and operations technology (OT), including significant third-party risks. The cybersecurity team, led by our CISO, is responsible for policies, standards, architecture, tools, training and processes to keep Trinseo secure. Our CISO provides regular updates to our cross-functional committees on program objectives, effectiveness, emerging trends, and performance metrics. The Board has ultimate oversight of cybersecurity risk and our CISO provides periodic reports and updates concerning our cybersecurity program to the Board, as well as our Chief Executive Officer and other members of our senior management, as appropriate. Cybersecurity reports to the Board generally occur at least annually, with updates as deemed necessary by our CISO, senior management, or as required by our Incident Response Plan. These reports include updates on the Company s cyber risks and threats, the status of projects to strengthen our information network and data security, assessments of the information security program, and the emerging threat landscape. Trinseo faces risks from cybersecurity threats that could have a material adverse effect on our business strategy, results of operations, financial condition, cash flows or reputation. Trinseo has experienced, and will continue to experience, cyber incidents in the normal course of our business. Trinseo has not experienced any material cybersecurity incidents or incurred material expenses related to cybersecurity incidents. As of the date of this report, we are not aware of any material risks from cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, financial condition or reputation. See Item 1A Risk Factors for a discussion of cybersecurity risks.

Company Information