Westlake Chemical Partners LP 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

Westlake Chemical Partners LP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 15:25:53 EST.

Filings

10-K filed on 2024-02-28

Westlake Chemical Partners LP filed an 10-K at 2024-02-28 15:25:53 EST
Accession Number: 0001604665-24-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity OpCo has entered into the Services and Secondment Agreement with Westlake and we, OpCo and Westlake have entered into the Omnibus Agreement. Pursuant to these Agreements, Westlake performs various services for us, including those related to cybersecurity. As such, this disclosure addresses our cybersecurity policies and practices, some of which are executed by Westlake under the Services and Secondment Agreement and the Omnibus Agreement. With Westlake’s support, we maintain a comprehensive approach to cybersecurity and data protection, based on a risk-based, defense-in-depth strategy. Westlake follows industry standard cybersecurity frameworks, including the National Institute of Standards and Technology’s Cybersecurity Framework to design, assess and update our cybersecurity strategy, controls and processes. Westlake regularly assesses industry best practices and standards and endeavors to implement them in its efforts to manage cybersecurity risk for us. The focus is on protecting our highest-value information assets, which include manufacturing systems, financial systems, and confidential, personal, and private information. To safeguard our networks and systems, Westlake has a dedicated cybersecurity organization overseen by its Chief Information Security Officer, which operates within its information technology department overseen by its Chief Information Officer. Westlake’s cybersecurity organization employs multiple security controls, such as firewalls, spam protection, web filtering, endpoint detection and response software, controlled access, vulnerability management, redundancies, patching, and regular onsite and offsite backups. Westlake’s cybersecurity organization also uses a variety of processes to address cybersecurity threats related to the use of third-party technology and services, including pre-acquisition diligence, imposition of contractual obligations, and risk-based performance monitoring. Both Westlake’s Chief Information Officer and its Chief Information Security Officer have extensive experience in assessing and managing cybersecurity risks, including through decades of collective experience in information technology and cybersecurity roles of increasing responsibility both at Westlake and in prior positions. Westlake prioritizes cybersecurity awareness among employees and contractors through various training exercises, including formal programs and simulated phishing events. Westlake maintains incident response plans, playbooks, and engages third-party cybersecurity firms for simulated cyberattacks and penetration testing to identify potential risks. Westlake also has a third-party cybersecurity firm on retainer for incident assistance and response. Periodic internal self-assessments are conducted by Westlake’s cybersecurity organization using the National Institute of Standards and Technology Cybersecurity Framework. From time to time, we and OpCo experience cybersecurity threats and attempted breaches and other incidents. Westlake classifies and tracks these events based on significance and implements remediation actions that it considers appropriate to address the risks to the Partnership and OpCo relating to such incidents. Although we and OpCo have not experienced material impacts to our business strategy, results of operations or financial condition from any such incidents in the past three years, we cannot guarantee that a material incident will not occur in the future. See “Item 1A. Risk Factors Failure to adequately protect critical data and technology systems could materially affect our operations.” 29 Table of Contents The board of directors has authorized and approved our entry into the Services and Secondment Agreement and the Omnibus Agreement with Westlake, and has thereby charged Westlake’s Corporate Risk and Sustainability Committee with assisting the board of directors with its oversight of cybersecurity risks, which is a component of our overall enterprise risk management program. As a result, Westlake’s Corporate Risk and Sustainability Committee assists with the oversight of our cybersecurity risks. Westlake’s Corporate Risk and Sustainability Committee includes directors with cybersecurity experience and expertise, primarily through supervision of information technology departments as executive officers. The board of directors also receives regular updates from Westlake’s Chief Information Officer on cybersecurity risks, incidents and trends, and ongoing and planned projects impacting the Partnership and OpCo. Westlake’s Chief Information Officer and our senior management receive regular status reports on the Partnership’s and OpCo’s cybersecurity risks from Westlake’s cybersecurity organization. Further, incident updates are reported to our senior management and the board of directors as Westlake’s Chief Information Officer and cybersecurity organization consider appropriate, depending on the severity of the incident. As part of our incident response planning, Westlake also maintains cross-functional response teams involving personnel outside of its cybersecurity organization, both globally and regionally, in order to be prepared to respond to an incident.

Company Information