V2X, Inc. 10-K Cybersecurity GRC - 2024-03-05

Page last updated on April 11, 2024

V2X, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 07:26:06 EST.

Filings

10-K filed on 2024-03-05

V2X, Inc. filed an 10-K at 2024-03-05 07:26:06 EST
Accession Number: 0001601548-24-000004

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company s Board of Directors (the Board ) through its audit committee (Audit Committee) is responsible for overseeing the Company s risk management program. The Company integrates cybersecurity risk management into its broader risk management framework to ensure that cybersecurity considerations form an integral part of our risk management program. Our Information Technology (IT) department works closely with the risk management team to evaluate and address cybersecurity risks. The Company s cybersecurity strategy and risk management processes align with the National Institute of Standards and Technology (NIST) governance requirements and cybersecurity framework. Cybersecurity Risk Management Strategy Identification, Response and Reporting: The Company has adopted a cyber incident response procedure to primarily: assess, identify and manage material cybersecurity threats and incidents; comply with our contractual obligation to safeguard covered defense information; and report on cyber incidents in accordance with the relevant DFARS. The Company has established and maintains comprehensive incident response, business continuity, and disaster recovery plans designed to address the Company s response to a cybersecurity incident. We have an established incident response team (IRT) comprised of cross-functional leaders from Finance, Human Resources, Legal, Security and IT groups, to identify, assess and address cyber incidents. The IRT coordinates closely with the risk management team on cybersecurity risks and threats facing the Company. The Company conducts regular exercises to test these plans and ensure personnel are familiar with their roles in a response scenario. Technical Safeguards: The Company implements technical safeguards that are designed to protect the Company s information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence, as well as through external audits and certifications. Third-party Engagements: The Company maintains a comprehensive, risk-based approach to identifying and overseeing material cybersecurity threats presented by our use of third-party vendors, service providers, and other external users of the Company s systems. We also monitor our use of systems of third parties that could adversely impact our business in the event of a material cybersecurity incident affecting those third-party systems, including any outside auditors or consultants who advise on the Company s cybersecurity systems. Recognizing the complexity and evolving nature of cybersecurity threats, we engage external experts, including managed security service provider (MSSP) and consultants, to evaluate our cyber governance and monitor our risks. These partnerships enable us to leverage their specialized knowledge to help ensure that our cybersecurity strategies and processes reflect industry best practices. Education and Awareness: The Company provides regular, mandatory training for employees on safeguarding against cybersecurity threats, and communicates the Company s evolving information security policies, standards, processes, and practices. Governance Board of Directors Oversight: The Audit Committee oversees cybersecurity risks. The Audit Committee reviews the Company s cybersecurity program, including the review of reports on cyber incident response processes, emerging cybersecurity developments and threats, and cyber risk assessment. The Audit Committee meets regularly with management to discuss our cybersecurity program. Management s Role: Our Chief Information Security Officer (CISO) is primarily responsible for assessing, monitoring and managing our cybersecurity risks. With over 23 years of experience in the field of information technology and cybersecurity, the CISO brings a wealth of expertise to his role. His background includes experience as a military cybersecurity officer and system security engineer, resulting in extensive knowledge and experience in developing and executing cybersecurity strategies. The CISO holds a graduate degree in Information Resource Management from the Air Force Institute of Technology, Wright-Patterson, Air Force Base, Ohio and holds a Certified Information Systems Security Professional certification, awarded and maintained since 2010. The CISO coordinates with senior management, including members of the IRT, to implement a program designed to protect the Company s information systems from cybersecurity threats and to promptly respond to any material cybersecurity incidents or threats in accordance with the Company s incident response procedure. Through ongoing communications between the CISO, IRT and other members of senior management (including the CEO), senior management stays informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and reports significant threats and incidents to the Audit Committee, when appropriate. 29 Table of Contents Management provides comprehensive briefings to the Audit Committee on a regular basis. These briefings may include topics such as the current cybersecurity landscape and emerging threats, reports on significant incidents and breaches, and compliance with new regulatory requirements. Risks from Cybersecurity Threats Our top cybersecurity threats include phishing, smishing, business email compromise, ransomware, system & human errors, and malware. These types of attacks could have a material impact on the Company. To date, we have not encountered cybersecurity challenges that have materially impacted our operations or results of operations.

Company Information