Tecnoglass Inc. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

Tecnoglass Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 17:10:06 EST.

Filings

10-K filed on 2024-02-29

Tecnoglass Inc. filed an 10-K at 2024-02-29 17:10:06 EST
Accession Number: 0001493152-24-008362

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We employ procedures designed to identify, protect, detect and respond to and manage reasonably foreseeable cybersecurity risks and threats. To protect our information systems from cybersecurity threats, we use various security tools that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner. Our information security framework is based on the NIST Cybersecurity Framework, which along with continuous vigilance through ongoing vulnerability analyses, internal/external testing, alerts and reviews of cybersecurity events, our comprehensive strategic risk assessment which is achieved with collaboration of multidisciplinary teams, and our vendor management which includes a robust contracting process and engages third parties for cybersecurity support, ensure a resilient operation. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities, including those that could arise from internal sources and external sources such as third-party service providers we do business with. We use a widely-adopted risk quantification model to identify, measure and prioritize cybersecurity and technology risks and develop related security controls and safeguards. We conduct regular reviews other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. We currently have engaged an external assessor and may in the future determine to engage an assessor(s), consultant(s), auditor(s) or other third party(s) to supplement our processes. The Board oversees our annual enterprise risk assessment, where we assess key risks within the company, including security and technology risks and cybersecurity threats. The Audit Committee of the Board oversees our cybersecurity risk and receives regular reports from our management team on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, and other areas of importance. Our cybersecurity team is deeply integrated into our risk management process, led by the Director of Information and Technology and our Cybersecurity Coordinator, who periodically review and update our incident response plan, and collaborate with subject matter specialists to ensure a comprehensive approach identifying and managing material cybersecurity threats. An established Information security committee contributes to a vigilant cybersecurity stance. To date, we have not experienced any attacks intended to lead to interruptions and delays in our service and operations as well as loss, misuse or theft of personal information (of third parties, employees, and our members) and other data, confidential information or intellectual property. Any significant disruption to our service or access to our systems in the future could adversely affect our business and results of operation. Further, a penetration of our systems or a third-party s systems or other misappropriation or misuse of personal information could subject us to business, regulatory, litigation and reputation risk, which could have a negative effect on our business, financial condition and results of operations. See Risk Factors - We may be adversely affected by any disruption in our information technology systems. Our operations are dependent upon our information technology systems, which encompass all of our major business functions.

Company Information