STERICYCLE INC 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

STERICYCLE INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 07:02:39 EST.

Filings

10-K filed on 2024-02-28

STERICYCLE INC filed an 10-K at 2024-02-28 07:02:39 EST
Accession Number: 0001628280-24-007388

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk management and strategy We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data and services. Managing Material Risks & Integrated Overall Risk Management We have integrated cybersecurity risk management into our broader risk management framework to promote awareness and a company-wide culture of cybersecurity risk management. This integration helps confirm that cybersecurity considerations are an integral part of our decision-making processes. Our cyber risk management team works closely with our cross-functional stakeholders to regularly evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Engage Third-parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity threats, we engage with a range of external experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights in implementing cybersecurity strategies, controls, and processes that leverage industry standard practices. Our collaboration with these third-parties includes regular audits, threat assessments, and consultation on security enhancements. Oversee Third-party Risk Because we are aware of the risks associated with third-party service providers that have access to our systems and data we implement processes to oversee and manage these risks. We conduct security assessments of certain third-party providers before engagement and monitor such providers to confirm compliance with industry accepted cybersecurity standards and practices. This approach is designed to reduce risks related to data breaches, operational disruptions, or other security incidents originating from third-parties. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing. Governance We recognize the potential significance of cybersecurity threats to our operational integrity and stakeholder confidence. The Board of Directors is aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established appropriate oversight mechanisms to maintain effective governance in managing risks associated with cybersecurity threats. Board of Directors Oversight The Audit Committee leads the Board s oversight of cybersecurity risks and receives regular updates on cybersecurity risks and our cybersecurity program. The Audit Committee is composed of board members with diverse expertise, including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively. In addition, cybersecurity risks are reviewed by the Board of Directors, at least annually, as part of our enterprise risk management program. 2023 10-K Annual Report Stericycle, Inc. 30 Table of Contents PART I Management s Role Managing Risk Our cybersecurity program is led by our Chief Information Officer (“CIO”), with two decades of IT leadership experience. Our CIO, Senior Vice President IT Operations, Vice President Global IT Security, and other and IT personnel play a pivotal role in informing the Audit Committee on cybersecurity risks. They provide briefings to the Audit Committee on a quarterly basis. These briefings encompass a broad range of topics, including: Current cybersecurity landscape and emerging threats; Status of ongoing cybersecurity initiatives and strategies; Incident reports and learnings from relevant cybersecurity events; and Compliance with regulatory requirements and industry standards. In addition to our scheduled meetings, the Audit Committee and CIO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. The Audit Committee actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement confirms that cybersecurity considerations are integrated into the broader strategic objectives of Stericycle, Inc. The Audit Committee conducts an annual review of the Company s risk management strategies. This review helps in identifying areas for improvement and confirming the alignment of cybersecurity efforts with the overall risk management framework. Monitor Cybersecurity Incidents The CIO and other IT personnel are regularly informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The CIO and other IT personnel implement and oversee processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the CIO and other IT personnel are equipped with a well-defined incident response plan, relationships with law enforcement, and agreements with qualified third parties to support the process. This plan includes prompt actions, including Board notification protocols, to contain and mitigate the immediate impact and long-term strategies for indemnification, remediation, and prevention of future incidents.

Company Information