MONOLITHIC POWER SYSTEMS INC 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

MONOLITHIC POWER SYSTEMS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:55:31 EST.

Filings

10-K filed on 2024-02-29

MONOLITHIC POWER SYSTEMS INC filed an 10-K at 2024-02-29 16:55:31 EST
Accession Number: 0001437749-24-006133

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the imperative to diligently manage cybersecurity risks as defined in Item 106(a) of Regulation S-K. Such risks include operational risks of ransomware, phishing, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. We address cybersecurity risks in our business, technical operations, privacy and compliance issues through a diversified approach including threat-monitoring and assessments by third-parties, adopting IT security ISO standards/governance, proactive risk and compliance reviews. In order to defend against cybersecurity incidents, we carry out real-time cybersecurity threat monitoring of IT assets, perform penetration testing, audit applicable data policies and conduct directed employee training. We also monitor existing and emerging laws and regulations related to data protection and information security and implement appropriate changes. We maintain an insurance policy that provides certain coverage for losses we incur due to data breaches and other cybersecurity incidents. We implemented incident response and breach management processes consisting of four stages: 1) monitor for and identify cybersecurity incidents, 2) carry out security incident analysis, 3) contain and recover, and 4) improve with post-incident analysis. Such incident responses are governed by the Cybersecurity Steering Committee. We regularly engage external auditors to assess our internal cybersecurity programs and compliance and have been certified to conform to the requirements of ISO/IEC 27001. There are no identified cybersecurity threats that have materially affected or are reasonably likely to materially affect our results of operations, or financial condition as of the date of this Annual Report on Form 10-K. See Risk Factors for more information on our cybersecurity risks. Cybersecurity Governance As an important part of our risk management processes, cybersecurity is a focus area for our Board and management. Our Nominating and Corporate Governance Committee (the NCG Committee ), which consists of independent members of the Board of Directors, is responsible for the oversight of risks from cybersecurity threats. The NCG Committee receives quarterly updates from the Cybersecurity Steering Committee. These updates include existing and emerging cybersecurity threats, risks, cybersecurity incident management and key information security initiatives. The NCG Committee also provides updates to our cybersecurity risk management and strategy programs to the Board of Directors on a quarterly basis. Our cybersecurity risk management and strategy processes are overseen by the Cybersecurity Steering Committee, which includes individuals with an average of over 18 years of prior work experience in various roles involving IT governance and management, cybersecurity, auditing, and compliance. The Cybersecurity Steering Committee actively participates in the cybersecurity risk management and strategy processes as described above, and regularly reports to senior management and the NCG Committee. 30 Table of Contents

Company Information