LEMAITRE VASCULAR INC 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

LEMAITRE VASCULAR INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 13:34:55 EST.

Filings

10-K filed on 2024-02-29

LEMAITRE VASCULAR INC filed an 10-K at 2024-02-29 13:34:55 EST
Accession Number: 0001437749-24-006037

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy LeMaitre Vascular recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Managing Material Risks & Integrated Overall Risk Management We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management, with the goal of ensuring that cybersecurity considerations are an integral part of our decision-making processes. Our IT department continuously evaluates and addresses cybersecurity risks during our risk assessment process, in alignment with our business objectives and operational needs. Engage Third-Parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity threats, we engage with external experts, including cybersecurity assessors and consultants, to evaluate and test our risk management systems. Our collaboration with third-parties includes periodic audits, threat assessments, and consultation on security enhancements. Oversight of Third-party Risk Using a risk-based approach, we review third-party service providers as part of our IT general controls, particularly focusing on financial risk and the third-party applications and controls around that risk. 28 Table of Contents Risks from Cybersecurity Threats Although we are not aware of having experienced any prior material data breaches, regulatory non-compliance incidents or cyber security incidents, we may in the future be impacted by such an event, exposing our clients and us to a risk of someone obtaining access to our information, to information of our clients or their customers, or to our intellectual property, disabling or degrading service, or sabotaging systems or information. Any such security breach could result in a loss of confidence in the security of our services, damage our reputation, disrupt our business, require us to incur significant costs of investigation, remediation and/or payment of a ransom, lead to legal liability, negatively impact our future sales, and result in a substantial financial loss. Governance The Board of Directors is aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence. Board of Directors Oversight The Audit Committee is central to the Board s oversight of cybersecurity risks and bears the primary responsibility for this domain. On a periodic basis, our Audit Committee reviews the adequacy of our computer systems controls, cybersecurity risk management and related governance and incident disclosures. Management s Role Managing Risk Our VP, Information Technology and our Chief Financial Officer (CFO) play a pivotal role in informing the Audit Committee on cybersecurity risks. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including: Current cybersecurity landscape and emerging threats; Status of ongoing cybersecurity initiatives and strategies; Incident reports and learnings from any cybersecurity events; and Compliance with regulatory requirements and industry standards. In addition to our scheduled meetings, the Audit Committee, our VP, Information Technology and our CFO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Risk Management Personnel Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our VP, Information Technology, who has over 25 years of experience in the field. As each relates to cybersecurity, our VP, Information Technology leads testing of our compliance with standards, remediation of known risks, and our employee training program. Monitor Cybersecurity Incidents Our VP, Information Technology leads our implementation and oversight of processes for the regular monitoring of our information systems. We have developed a cybersecurity incident response plan that is overseen by our VP, Information Technology and that includes immediate actions to mitigate the impact and longer-term strategies for remediation and prevention of future incidents. Reporting to Board of Directors Our VP, Information Technology, in his capacity, regularly informs the CFO about matters related to cybersecurity risks and incidents. Together, our VP, Information Technology and CFO then update our Audit Committee and Board on significant cybersecurity matters, and strategic risk management.

Company Information