Triton International Ltd 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

Triton International Ltd reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 10:19:13 EST.

Filings

10-K filed on 2024-02-29

Triton International Ltd filed an 10-K at 2024-02-29 10:19:13 EST
Accession Number: 0001660734-24-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Triton maintains a cybersecurity risk management program designed to identify, protect, detect and mitigate cybersecurity threats and ensure the reliability of our system applications and infrastructure (our Information Security Program ). Our Information Security Program, which is integrated within the Company s enterprise risk management framework, leverages rec ognized best practices and standards, including the National Institute of Standards and Technology cybersecurity framework, and is comprised of a robust set of cybersecurity tools, processes and procedures as further described below. Our internal information security team is led by Triton s Chief Information Officer, who has held this role for 14 years and holds over 30 years of experience in information technology, audit and risk management and holds certifications as a Certified Information Systems Security Professional and Certified Information Systems Auditor. Our Director, Information Security and Compliance holds over eight years of experience in cybersecurity management and oversight and over 20 years in information technology portfolio, program and application management positions. Additionally, others in our information technology team have relevant security experience and certifications. Our internal resources are augmented by external cybersecurity partners, including those described below. Our information security leadership team is responsible for assessing and managing the Company s Information Security Program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. We also take a cross-departmental approach to managing cybersecurity risk and have formed a Cybersecurity Incident Response Team ( CIRT ) comprised of senior representatives from primary corporate functions as well as senior representatives from field operations to ensure a coordinated and effective response and ongoing business continuity in the face of cybersecurity threats and incidents. 24 Triton s Board is responsible for oversight of information technology and cybersecurity-related matters and monitoring cybersecurity risk management, and th e Board actively engages with senior management on the state of the Company s Information Security Program. The information security leadership team prepares briefings for the Board on the effectiveness of the Company s cyber risk management program, typically on a quarterly basis, which include a review of key performance indicators, training and test results and related remediation, and recent threats and how the Company is managing those threats . Triton s Information Security Program includes policies and procedures concerning cybersecurity matters, which include a cybersecurity incident response plan as well as other policies that directly or indirectly relate to cybersecurity, such as policies related to password standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of electronic devices, electronic communications and social media. We perform routine vulnerability scanning of our network, with a focus on timely remediation of vulnerabilities. Our information security team regularly monitors alerts and meets to discuss threat levels, trends and remediation. We periodically perform simulations and tabletop exercises at an information technology department and CIRT level and incorporate external resources and advisors as needed. All employees and certain contractors are required to complete cybersecurity trainings annually. We conduct cybersecurity phishing exercises, and follow-up training as necessary, to ensure employees maintain a high level of vigilance regarding cybersecurity risks. Using external resources, we also conduct periodic cybersecurity risk assessments, penetration tests and internal threat testing to assess our processes and procedures and the threat landscape and help guide and prioritize our cybersecurity investments and solutions. In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. Triton maintains dedicated backup systems and applications with enhanced ransomware protection features. In the event of an incident, we intend to follow our detailed incident response plan, which outlines the steps to be followed from incident detection to mitigation, recovery and notification, including notifying relevant functional areas, as well as senior leadership and the Board, as appropriate. We also maintain incident response service retainers with independent third parties to assist with response and recovery efforts. We continue to expand our cybersecurity investments and defenses and are establishing a cybersecurity operations center to be managed by a third party to provide 24/7 monitoring of our global cybersecurity environment and assist with coordination, investigation and remediation of alerts. Triton faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. Although such risks have not materially affected us to date, Triton has experienced, and will continue to experience, cyber incidents in the normal course of its business. For more information on the cybersecurity risks we face, please see We rely on our information technology systems to conduct our business. If these systems fail to adequately perform their functions, or if we experience an interruption in our operations, our business and financial results could be adversely affected and Security breaches and other disruptions could compromise our information technology systems and expose us to liability, which could cause our business and reputation to suffer under Item 1A. “Risk Factor s” of this Annual Report on Form 10-K.

Company Information