ACM Research, Inc. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

ACM Research, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:37:34 EST.

Filings

10-K filed on 2024-02-28

ACM Research, Inc. filed an 10-K at 2024-02-28 16:37:34 EST
Accession Number: 0001680062-24-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach including third party assessments, internal IT Audit, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things: conduct proactive privacy and cybersecurity reviews of systems and applications, audit applicable data policies, perform penetration testing using external third-party tools and techniques to test security controls, conduct employee training, monitor emerging laws and regulations related to data protection and information security and implement appropriate changes. 51 Table of Contents As part of our risk management process, we conduct application security assessments, vulnerability management, penetration testing, security audits, and ongoing risk assessments. We also maintain a variety of incident response plans that are utilized when incidents are detected. We require employees with access to information systems, including all corporate employees, to undertake data protection and cybersecurity training and compliance programs. We describe whether and how risks from cybersecurity threats are reasonably likely to materially affect us, including our financial performance and results of operations, under the heading Breaches of our cybersecurity systems could degrade our ability to conduct our business operations and deliver products to our customers, result in data losses and the theft of our intellectual property, damage our reputation, and require us to incur significant additional costs to maintain the security of our networks and data in Item 1A, Risk Factors of Part I of this report . Cybersecurity Governance Cybersecurity is an important part of our risk management processes. Our Audit Committee is responsible for the oversight of risks from cybersecurity threats. Members of the Audit Committee receive reports of any breaches or developments regarding matters of cybersecurity. This includes existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and status on key information security initiatives. Our Audit Committee and Board members may also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs. Our cybersecurity risk management and strategy processes are overseen by leaders from our Information Security, Product Security, Compliance and Legal teams. Key individuals have an average of over 15 years of prior work experience in various roles involving information technology, including security, auditing, compliance, systems and programming. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report directly or indirectly to the Audit Committee on any appropriate items.

Company Information