PILGRIMS PRIDE CORP 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

PILGRIMS PRIDE CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 17:31:17 EST.

Filings

10-K filed on 2024-02-27

PILGRIMS PRIDE CORP filed an 10-K at 2024-02-27 17:31:17 EST
Accession Number: 0000802481-24-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk, Strategy and Governance The Company maintains a robust cybersecurity infrastructure to safeguard our operations, networks and data through comprehensive security measures including our technology tools, internal management and external service providers. The Company s Chief Information Officer ( CIO ) is responsible for assessing, identifying, and managing the risks from cybersecurity threats. Our CIO has significant experience in information technology and many of our information technology team members hold qualifications in technology security positions. We maintain a cross-functional Cybersecurity Committee, as well as a Global Security Committee consisting of the information technology professionals and security managers from each country in which we have operations. We have both policies and procedures that align with the National Institute of Standards and Technology Cybersecurity Framework. Our information security program includes, among other aspects, vulnerability management, antivirus and malware protection, encryption and access control, and employee training. Our CIO, together with our Global Security Committee, reviews emerging threats, controls, and procedures as part of assessing, identifying, and managing risks. Risks identified by our cybersecurity program are analyzed to determine the potential impact on us and the likelihood of occurrence. Such risks are continuously monitored to ensure that the circumstances and severity of such risks have not changed. We also endeavor to apprise employees of emerging risks and require them to undergo regular security awareness trainings and supplemental trainings as needed. Additionally, we conduct periodic internal exercises to gauge the effectiveness of the trainings and assess the need for additional training. In addition, we engage independent third-party cybersecurity providers for testing and vulnerability detection. We regularly engage with third-party vendors to perform external penetration testing, which identifies potential threats and reduces the impact and/or likelihood of these threats. Our employees perform similar intrusion tests and internal and external scans to help improve and harden the company s security posture. We also conduct security assessments of our IT vendors and certain business partners and maintain cyber incident response plans that are periodically reviewed and updated by our IT Security and Cyber Defense Teams and leveraged table top exercised performed by our IT teams. The incident response plan ties into our Cybersecurity Committee processes for review to ensure the required reporting of material incidents to the Board of Directors, as applicable. Our Board of Directors, primarily through the Audit Committee, oversees management s approach to managing cybersecurity risks as part of its risk management oversight. The Audit Committee holds periodic discussions with management regarding the Company s guidelines and policies with respect to cybersecurity risks and receives regular reports from the CIO regarding such risks and the steps management has taken to monitor and control any exposure resulting from such risks. As of the date of this report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. 17 Table of Contents

Company Information