RAYONIER ADVANCED MATERIALS INC. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

RAYONIER ADVANCED MATERIALS INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:06:51 EST.

Filings

10-K filed on 2024-02-29

RAYONIER ADVANCED MATERIALS INC. filed an 10-K at 2024-02-29 16:06:51 EST
Accession Number: 0001597672-24-000006

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Our information technology systems serve an important role in the efficient operation of our business. Identifying, assessing and managing material risks from cybersecurity threats are activities integrated into our overall risk management system. Cybersecurity risks are identified and addressed through coordinated efforts of our internal information technology security audit teams, internal governance and compliance reviews. We also engage external consultants to assist us with the review of our assessment and risk mitigation strategies for cybersecurity threats and the development of new approaches as needed. To protect our information technology systems from cyber threats, we use various tools that help us prevent, detect, investigate, resolve and recover from cybersecurity incidents, including proactive cybersecurity reviews of systems and applications, annual risk assessments that identify and evaluate new and recurring cyber threats, tabletop exercises and infiltration testing. Cybersecurity events, including those identified and communicated to us by our third-party service providers, are evaluated for severity and materiality to our business, based on both quantitative and qualitative factors, and prioritized accordingly for response and remediation. 20 Table of Contents Our information technology systems have been, and we expect will continue to be, subject to cyber intrusion attempts. We describe whether and how risks from cybersecurity threats have materially affected or are reasonably likely to materially affect our business, results of operations or financial condition under the risk factor Loss of our intellectual property and sensitive data or disruption of our manufacturing operations due to a cybersecurity incident could materially adversely impact our business found in Item 1A Risk Factors. Governance Our Audit Committee is responsible for the oversight of risk from cybersecurity threats and includes one committee member with significant cybersecurity consulting experience. On a quarterly basis, the Audit Committee receives reports from senior management on our cybersecurity program covering our strategies and processes for the identification, assessment and mitigation of the material cybersecurity risks that we face, existing and emerging cybersecurity trends and threat landscapes and the status of projects in process that are intended to strengthen our information security systems and improve our cyber readiness. Under the oversight of our Audit Committee, our CEO-chaired Enterprise Risk Management team and our Cybersecurity Governance Committee, each comprised of a cross-functional team of executives and key functional leads and subject matter experts, convene at least quarterly to assess the identification and mitigation of cybersecurity risks, ensure the effective execution of our cybersecurity strategy and verify that our cybersecurity processes are adequately strengthened. The Cybersecurity Governance Committee is also responsible for evaluating findings and proposals presented by external consultants and developing the appropriate remediation actions. These teams are informed of cybersecurity threats and incidents through their management of the cybersecurity risk management and strategy processes described above, and report any such items to the Audit Committee as deemed appropriate.

Company Information