Pactiv Evergreen Inc. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

Pactiv Evergreen Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 18:10:25 EST.

Filings

10-K filed on 2024-02-29

Pactiv Evergreen Inc. filed an 10-K at 2024-02-29 18:10:25 EST
Accession Number: 0000950170-24-023337

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program is designed to align with industry best practices and provide a framework for evaluating and implementing methods to assess, identify and manage material risks from cybersecurity threats and properly respond to incidents, including threats and incidents associated with the use of services provided by third-party service providers. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat (including whether the cybersecurity threat is associated with a third-party service provider), implementing cybersecurity countermeasures and mitigation strategies and informing management and our Board of Directors of material cybersecurity threats and incidents. Our cybersecurity team leads a regular cybersecurity working group meeting with representatives from across the Company s centers of excellence, as well as a quarterly cybersecurity steering committee meeting with executives from across the Company, to facilitate coordination across different functional groups within our Company and ensure broad awareness of ongoing cybersecurity initiatives and assessments. These committees also hold ad hoc meetings as necessary to address urgent threats that arise in between meetings. Our cybersecurity team also engages third-party security experts for risk assessment and system enhancements. In addition, our cybersecurity team provides training to all employees annually. Our Board of Directors has overall oversight responsibility for our risk management and has delegated cybersecurity risk management oversight to the Audit Committee of the Board. The Audit Committee of the Board is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and implement processes and procedures to manage cybersecurity risks and mitigate cybersecurity incidents. The Audit Committee of the Board also reports material cybersecurity risks to our full Board of Directors. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining our cybersecurity program. Our cybersecurity program is managed under the direction of our Senior Vice President for Business Transformation, who receives reports from our cybersecurity team, including our Chief Information Security Officer, or CISO, and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents. The CISO, in coordination with senior management, works collaboratively across the Company to implement a program designed to protect our information systems from cybersecurity threats and to respond promptly to any material cybersecurity incidents in accordance with our incident response and recovery plans. To facilitate the success of our cybersecurity program, cross-functional teams throughout the Company address cybersecurity threats and respond to cybersecurity incidents. Through ongoing communications, the CISO and these teams inform senior management about, and monitor the prevention, detection, mitigation and remediation of, cybersecurity threats and incidents in real time, and report such threats and incidents to the Audit Committee when appropriate. Our CISO has 42 years of experience in a diverse array of information and security technologies and has managed various domains, with expertise in enterprise resource planning, finite scheduling, middleware technologies, network control, operational control, identity access and governance and data center management. He and our other dedicated cybersecurity personnel collectively hold numerous certifications, including in relation to forensic investigation, threat hunting and digital forensics, risk and information system controls, Google cybersecurity, information security auditors and fraud examiners. Additionally, the collective cybersecurity team members have substantial experience in information technology disciplines and prioritize remaining educated on current threats. Our cybersecurity team regularly updates the Audit Committee of the Board on our cybersecurity program, material cybersecurity risks and mitigation strategies and provides quarterly cybersecurity reports that cover, among other topics, third-party assessments of the Company s cybersecurity program, developments in cybersecurity and updates to the Company s cybersecurity program and mitigation strategies. In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see the risk factor above entitled Cybersecurity breaches and improper access to or disclosure of our data or user data, or other infiltration, hacking and phishing attacks on our systems, could harm our reputation and adversely affect our business.

Company Information